We address the problem of complementing higher-order patterns without repetitions of existential variables. Differently from the first-order case, the complement of a pattern cannot, in general, be described by a pattern, or even by a finite set of patterns. We therefore generalize the simply-typed λ-calculus to include an internal notion of strict function so that we can directly express that a term must depend on a given variable. We show that, in this more expressive calculus, finite sets of patterns without repeated variables are closed under complement and intersection. Our principal application is the transformational approach to negation in higher-order logic programs.

Categories and Subject Descriptors: D.3.3 [Programming Languages]: Language Constructs 
and Features; D.1.6 [Programming Techniques]: Logic Programming; F.4.1 [Mathematical 
Logic and Formal Language]: Mathematical Logic — Lambda calculus and related systems 
1. INTRODUCTION

In most functional and logic programming languages the notion of a pattern, together with the requisite algorithms for matching or unification, plays an important role in the operational semantics. Besides unification, other problems such as generalization or complement also arise frequently. In this paper we are concerned with the problem of pattern complement in a setting where patterns may contain binding operators, so-called higher-order patterns [Miller 1991; Nipkow 1991]. Higher-order patterns have found applications in logic programming [Miller 1991; Pfenning 1991a], logical frameworks [Despeyroux et al. 1997], term rewriting [Nipkow 1993], and functional logic programming [Hanus and Prehofer 1996]. Higher-order patterns inherit many pleasant properties from the first-order case. In particular, most general unifiers [Miller 1991] and least general generalizations [Pfenning 1991b] exist, even for complex type theories.

Unfortunately, the complement operation does not generalize as smoothly. Lugiez [1995] has studied the more general problem of higher-order disunification and had to go outside the language of patterns and terms to describe complex constraints on sets of solutions. We can isolate one basic difficulty: a pattern such as λx. E x for an existential variable E matches any term of appropriate type, while λx. E matches precisely those terms λx. M where M does not depend on x. The complement then consists of all terms λx. M such that M does depend on x. However, this set cannot be described by a pattern, or even a finite set of patterns.

This formulation of the problem suggests that we should consider a λ-calculus with an internal notion of strictness so that we can directly express that a term must depend on a given variable. For reasons of symmetry and elegance we also add the dual concept of invariance expressing that a given term does not depend on a given variable. As in the first-order case, it is useful to single out the case of linear patterns, namely those where no existential variable occurs more than once.¹ We further limit attention to simple patterns, that is, those where constructors must be strict in their arguments — a condition naturally satisfied in our intended application domains of functional and logic programming. Simple linear patterns in our λ-calculus of strict and invariant function spaces then have the following properties:

(1) The complement of a pattern is a finite set of patterns. 

(2) Unification of two patterns is decidable and finitary. 

Consequently, finite sets of simple linear patterns in the strict λ-calculus are closed under complement and unification. If we think of finite sets of linear patterns as representing the set of all their ground instances, then they form a boolean algebra under set-theoretic union, intersection (implemented via unification) and the complement operation.

The paper is organized as follows: Section 2 briefly reviews related work and introduces some preliminary definitions. In Section 3 we introduce a strict λ-calculus and prove some basic properties culminating in the proof of the existence of canonical forms in Section 4. Section 5 introduces simple terms, followed by the algorithm for complementation in Section 6. In Section 7 we give a corresponding unification algorithm. Section 8 observes how the set of those patterns can be arranged in a boolean algebra. We conclude in Section 9 with some applications and speculations on future research.

2. PRELIMINARIES AND RELATED WORK 

A pattern t with free variables can be seen as a representation of the set of its ground instances, denoted by ||t||. According to this interpretation, the complement of t is the set of ground terms that are not instances of t, i.e., the terms in the set-theoretic complement of ||t||. It is natural to generalize this to finite sets of terms, where ||t₁, ..., tₙ|| = ||t₁|| ∪ ... ∪ ||tₙ||. If we take this one step further we obtain the important problem of relative complement; this corresponds to computing a suitable representation of all the ground instances of a given (finite) set of terms which are not instances of another given one, written as ||t₁, ..., tₙ|| − ||u₁, ..., uₘ||.

¹This notion of linearity should not be confused with the eponymous concept in linear logic and λ-calculus.

Complement problems have a number of applications in theoretical computer science (see Comon [1991] for a list of references). For example, they are used in functional programming to produce unambiguous function definitions by patterns and to improve their compilation. In rewriting systems they are used to check whether an algebraic specification is sufficiently complete. They can also be employed to analyze communicating processes expressed by infinite transition systems. Other applications lie in the areas of machine learning and inductive theorem proving. In logic programming, Kunen [1987] used term complement to represent infinite sets of answers to negative queries. Our main motivation has been the explicit synthesis of the negation of higher-order logic programs [Momigliano 2000a; 2000b], as discussed briefly in Section 9.

Lassez and Marriot [1987] proposed the seminal uncover algorithm for computing first-order relative complements and introduced the now familiar restriction to linear terms. We quote the definition of the "Not" algorithm for the (singleton) complement problem given in [Barbuti et al. 1990] which we generalize in Definition 6.1. Given a finite signature Σ and a linear term t they define:

\[
\begin{array}{lcl}
\mathrm{Not}_\Sigma(x) & = & \emptyset\\
\mathrm{Not}_\Sigma(f(t_1,\ldots,t_n)) & = & \{\, g(x_1,\ldots,x_m) \mid g \in \Sigma \text{ and } g \neq f \,\}\\
& & \cup\ \{\, f(z_1,\ldots,z_{i-1},s,z_{i+1},\ldots,z_n) \mid s \in \mathrm{Not}_\Sigma(t_i),\ 1 \le i \le n \,\}
\end{array}
\]



The relative complement problem is then solved by composing the above comple- 
ment operation with term intersection implemented via first-order unification. 
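The first-order Not algorithm above, as an added example (not code from the paper or from Barbuti et al.): a Python implementation over a constructed single-sorted signature {z, s, nil, cons}, together with a brute-force check on small ground terms that every ground term is an instance of exactly one of t or a member of Not_Σ(t), which is what makes Not a complement. The encoding (Var/App, not_sigma, matches, the Z-numbered fresh variables) is this example's own.

```python
from dataclasses import dataclass
from itertools import count, product
from typing import Dict, Iterator, List, Optional, Tuple, Union

# Added example (not from the paper): first-order terms over a finite, single-sorted
# signature given as a map from constructor name to arity.

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class App:
    f: str
    args: Tuple["Term", ...] = ()

Term = Union[Var, App]
Signature = Dict[str, int]

def show(t: Term) -> str:
    if isinstance(t, Var):
        return t.name
    return t.f if not t.args else f"{t.f}({', '.join(show(a) for a in t.args)})"

def is_linear(t: Term, seen: Optional[set] = None) -> bool:
    """No variable occurs twice; Not_Sigma is only meant for such terms."""
    seen = set() if seen is None else seen
    if isinstance(t, Var):
        if t.name in seen:
            return False
        seen.add(t.name)
        return True
    return all(is_linear(a, seen) for a in t.args)

def not_sigma(sig: Signature, t: Term, fresh: Optional[Iterator[int]] = None) -> List[Term]:
    """Barbuti et al.'s Not_Sigma(t): a finite list of linear terms whose instances are
    exactly the ground terms that are not instances of the linear term t."""
    if fresh is None:                       # top-level call: validate and start numbering
        if not is_linear(t):
            raise ValueError(f"Not_Sigma requires a linear term, got {show(t)}")
        fresh = count()
    if isinstance(t, Var):
        return []                           # Not_Sigma(x) = {}: a variable matches anything

    def new() -> Var:                       # fresh variables keep every result linear
        return Var(f"Z{next(fresh)}")

    # { g(x_1,...,x_m) | g in Sigma, g != f }: a different constructor at the root
    result: List[Term] = [App(g, tuple(new() for _ in range(m)))
                          for g, m in sig.items() if g != t.f]
    # { f(z_1,...,s,...,z_n) | s in Not_Sigma(t_i) }: same root, i-th argument fails
    for i, ti in enumerate(t.args):
        for s in not_sigma(sig, ti, fresh):
            zs = [new() for _ in t.args]
            zs[i] = s
            result.append(App(t.f, tuple(zs)))
    return result

def matches(p: Term, g: Term, sub: Optional[Dict[str, Term]] = None) -> bool:
    """One-way first-order matching: is ground term g an instance of pattern p?"""
    sub = {} if sub is None else sub
    if isinstance(p, Var):
        if p.name in sub:                   # consistency check, only needed for non-linear p
            return sub[p.name] == g
        sub[p.name] = g
        return True
    return (isinstance(g, App) and g.f == p.f and len(g.args) == len(p.args)
            and all(matches(pa, ga, sub) for pa, ga in zip(p.args, g.args)))

def ground_terms(sig: Signature, height: int) -> List[Term]:
    """All ground terms over sig of height at most `height` (finite for a finite sig)."""
    if height == 0:
        return []
    smaller = ground_terms(sig, height - 1)
    return [App(f, args) for f, n in sig.items() for args in product(smaller, repeat=n)]

def complement_is_partition(sig: Signature, t: Term, height: int = 3) -> bool:
    """||t|| and the instances of Not_Sigma(t) must partition the ground terms:
    checked exhaustively on every ground term up to the given height."""
    comp = not_sigma(sig, t)
    return all(matches(t, g) != any(matches(c, g) for c in comp)
               for g in ground_terms(sig, height))

# Constructed signature: Peano numerals and lists, all in one sort.
SIG: Signature = {"z": 0, "s": 1, "nil": 0, "cons": 2}
S_Z = App("s", (App("z"),))                          # the term s(z)

if __name__ == "__main__":
    for c in not_sigma(SIG, S_Z):
        print(show(c))
    print(complement_is_partition(SIG, S_Z))
```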

An alternative solution to the relative complement problem is disunification (see [Comon 1991] for a survey and [Lugiez 1995] for an extension to the simply-typed λ-calculus). Here, operations on sets of terms are translated into conjunctions or disjunctions of equations and dis-equations under explicit quantification. Non-deterministic application of a few dozen rules eventually turns a given problem into a solved form. Though a reduction to a significant subset of the disunification rules is likely to be attainable for complement problems, control is a major problem. We argue that using disunification for this purpose is unnecessarily general. Moreover, the higher-order case results in additional complications, such as restrictions on the occurrences of bound variables, which fall outside an otherwise clean framework. As we show in this paper, this need not be the case. We believe that our techniques can also be applied to analyze disunification, although we have not investigated this possibility at present.

We now introduce some preliminary definitions and examples which guide our development. We begin with the simply-typed λ-calculus. We write a for atomic types, c for term-level constants, and x for term-level variables. Note that variables x should be seen as parameters and not subject to instantiation.

\[
\begin{array}{llcl}
\text{Simple Types} & A & ::= & a \mid A_1 \to A_2\\
\text{Terms} & M & ::= & c \mid x \mid \lambda x{:}A.\,M \mid M_1\,M_2\\
\text{Signatures} & \Sigma & ::= & \cdot \mid \Sigma, a{:}\mathrm{type} \mid \Sigma, c{:}A\\
\text{Contexts} & \Gamma & ::= & \cdot \mid \Gamma, x{:}A
\end{array}
\]



We require that signatures and contexts declare each constant or variable at most once. Furthermore, we identify contexts that differ only in their order and promote ',' to denote disjoint set union. As usual we identify terms which differ only in the names of their bound variables. We restrict attention to well-typed terms, omitting the standard typing rules. We write the main typing judgment as Γ ⊢ M : A, assuming a fixed signature Σ.

In applications such as logic programming or logical frameworks, λ-abstraction is used to represent binding operators in some object language. In such a situation the most appropriate notion of normal form is the long βη-normal form (which we call canonical form), since canonical forms are almost always the terms in bijective correspondence with the objects we are trying to represent. Every well-typed term in the simply-typed λ-calculus has a unique canonical form — a property which persists in the strict λ-calculus introduced in Section 3.

We denote existential variables of type A (also called logical variables, meta-variables, or pattern variables) by E_A, although we mostly omit the type A when it is clear from the context. We think of existential variables as syntactically distinct from bound variables or free variables declared in a context. A term possibly containing some existential variables is called a pattern if each occurrence of an existential variable appears in a subterm of the form E x₁ ... xₙ, where the arguments xᵢ are distinct occurrences of free or bound variables (but not existential variables). We call a term ground if it contains no existential variables. Note that it may still contain parameters.

Semantically, an existential variable E_A stands for all canonical terms M of type A in the empty context with respect to a given signature. We extend this to arbitrary well-typed patterns in the usual way, and write Γ ⊢ M ∈ ||N|| : A when a term M is an instance of a pattern N at type A containing only the parameters in Γ and no existential variables. In this setting, unification of two patterns without shared existential variables corresponds to an intersection of the set of terms they denote [Miller 1991; Pfenning 1991b]. This set is always either empty, or can be expressed again as the set of instances of a single pattern. That is, patterns admit most general unifiers.

The class of higher-order patterns inherits many properties from first-order terms. However, as we will see, it is not closed under complement, but a special subclass is. We call a canonical pattern Γ ⊢ M : A fully applied if each occurrence of an existential variable E under binders y₁, ..., yₘ is applied to some permutation of the variables in Γ and y₁, ..., yₘ. Fully applied patterns play an important role in functional logic programming and rewriting [Hanus and Prehofer 1996], because any fully applied existential variable Γ ⊢ E x₁ ... xₙ : a denotes all canonical terms of type a with parameters from Γ. It is this property which makes complementation particularly simple.
Example 2.1. Consider the untyped λ-calculus:²

\[
e ::= x \mid \Lambda x.\,e \mid e_1 \mathbin{@} e_2
\]

We encode these expressions using the usual technique of higher-order abstract syntax as canonical forms over the following signature.

\[
\Sigma = \mathit{exp} : \mathrm{type},\ \mathit{lam} : (\mathit{exp} \to \mathit{exp}) \to \mathit{exp},\ \mathit{app} : \mathit{exp} \to \mathit{exp} \to \mathit{exp}
\]

The representation function is defined as follows:

\[
\begin{array}{lcl}
\ulcorner x \urcorner & = & x : \mathit{exp}\\
\ulcorner \Lambda x.\,e \urcorner & = & \mathit{lam}\,(\lambda x{:}\mathit{exp}.\,\ulcorner e \urcorner)\\
\ulcorner e_1 \mathbin{@} e_2 \urcorner & = & \mathit{app}\,\ulcorner e_1 \urcorner\,\ulcorner e_2 \urcorner
\end{array}
\]

The representation of an object-language β-redex then has the form

\[
\ulcorner (\Lambda x.\,e) \mathbin{@} f \urcorner = \mathit{app}\,(\mathit{lam}\,(\lambda x{:}\mathit{exp}.\,\ulcorner e \urcorner))\,\ulcorner f \urcorner,
\]

where ⌜e⌝ may have free occurrences of x. When written as a pattern with existential variables E_{exp→exp} and F_{exp} this is expressed as

\[
\mathit{app}\,(\mathit{lam}\,(\lambda x{:}\mathit{exp}.\,E\,x))\,F.
\]

Note that in the empty context this pattern is fully applied. Its complement with respect to the empty context contains every top-level abstraction plus every application where the first argument is not an abstraction.

\[
\mathrm{Not}(\mathit{app}\,(\mathit{lam}\,(\lambda x{:}\mathit{exp}.\,E\,x))\,F) = \{\mathit{lam}\,(\lambda x{:}\mathit{exp}.\,H\,x),\ \mathit{app}\,(\mathit{app}\,H_1\,H_2)\,H_3\}
\]

Here H, H₁, H₂, H₃ are fresh existential variables of appropriate type, namely H : exp → exp and Hᵢ : exp.

For patterns that are not fully applied, the complement cannot be expressed as a finite set of patterns, as the following example illustrates.

Example 2.2. The encoding of an η-redex takes the form:

\[
\ulcorner \Lambda x.\,(e \mathbin{@} x) \urcorner = \mathit{lam}\,(\lambda x{:}\mathit{exp}.\,\mathit{app}\,\ulcorner e \urcorner\,x)
\]

where ⌜e⌝ may contain no free occurrence of x. The side condition is expressed in a pattern by introducing an existential variable E_{exp} which does not depend on x, that is

\[
\mathit{lam}\,(\lambda x{:}\mathit{exp}.\,\mathit{app}\,E\,x).
\]

Hence, its complement with respect to the empty context should contain, among others, also all terms

\[
\mathit{lam}\,(\lambda x{:}\mathit{exp}.\,\mathit{app}\,(F\,x)\,(H\,x))
\]

where F : exp → exp must depend on its argument x while H : exp → exp may or may not depend on x.

²We use Λ and @ to avoid confusion with λ and application in the language of patterns.
As the example above shows, the complement of patterns that are not fully applied cannot be represented as a finite set of patterns. Indeed, there is no finite set of patterns which has as its ground instances exactly those terms M which depend on a given variable x. This failure of closure under complementation cannot be circumvented in the way left-linearization bypasses the limitation to linear patterns; it needs to be addressed directly.

One approach is taken by Lugiez [1995]: he modifies the language of terms to permit occurrence constraints. For example λxyz. M{1, 3} would denote a function which depends on its first and third argument. The technical handling of those objects then becomes awkward as they require specialized rules which are foreign to the issues of complementation.

Since our underlying λ-calculus is typed, we use typing to express that a function must depend on a variable x. Following standard terminology, we call such terms strict in x and the corresponding function λx:A. M a strict function. In the next section we develop such a λ-calculus and then generalize the complement algorithm to work on such terms.

3. STRICT TYPES 

As we have seen in the preceding section, the complement of a partially applied pattern in the simply-typed λ-calculus cannot be expressed in a finitary manner within the same calculus. We thus generalize our language to include strict functions of type A →¹ B (which are guaranteed to depend on their argument) and invariant functions of type A →⁰ B (which are guaranteed not to depend on their argument). Of course, any concretely given function either will or will not depend on its argument, but in the presence of higher-order functions and existential variables we still need the ability to remain uncommitted. Therefore our calculus also contains the full function space A →ᵘ B. We first concentrate on a version without existential variables. A similar calculus has been independently investigated by Wright [1992] and Baker-Finch [1993]; for a comparison see the end of Section 4.

\[
\begin{array}{llcl}
\text{Labels} & k & ::= & 1 \mid 0 \mid u\\
\text{Types} & A & ::= & a \mid A_1 \to^{k} A_2\\
\text{Terms} & M & ::= & c \mid x \mid \lambda x^{k}{:}A.\,M \mid M_1\,M_2^{k}
\end{array}
\]

Note that there are three different forms of abstractions and applications, where 
the latter are distinguished by different labels on the argument. It is not really 
necessary to distinguish three forms of application syntactically, since the type of a 
function determines the status of its argument, but it is convenient for our purposes. 
A label u is called undetermined, otherwise it is determined and denoted by d. 

We use a formulation of the typing judgment

\[
\Gamma;\Omega;\Delta \vdash M : A
\]

with three zones: Γ containing the unrestricted hypotheses, Ω containing the irrelevant hypotheses, and Δ containing the strict hypotheses. We implicitly assume a fixed signature Σ which would otherwise clutter the presentation. Recall that Γ₁, Γ₂ is the union of two contexts that do not declare any common variables. Recall also that we consider contexts as sets, that is, exchange is left implicit. The typing rules are given in Figure 1.
\[
\begin{array}{c}
\dfrac{c{:}A \in \Sigma}{\Gamma;\Omega;\cdot \vdash c : A}\ \mathrm{Con}
\qquad
\dfrac{}{(\Gamma,x{:}A);\Omega;\cdot \vdash x : A}\ \mathrm{Id}^{u}
\qquad
\text{no } \mathrm{Id}^{0} \text{ rule}
\qquad
\dfrac{}{\Gamma;\Omega;x{:}A \vdash x : A}\ \mathrm{Id}^{1}
\\[2ex]
\dfrac{(\Gamma,x{:}A);\Omega;\Delta \vdash M : B}{\Gamma;\Omega;\Delta \vdash \lambda x^{u}{:}A.\,M : A \to^{u} B}\ {\to^{u}}\mathrm{I}
\qquad
\dfrac{\Gamma;(\Omega,x{:}A);\Delta \vdash M : B}{\Gamma;\Omega;\Delta \vdash \lambda x^{0}{:}A.\,M : A \to^{0} B}\ {\to^{0}}\mathrm{I}
\qquad
\dfrac{\Gamma;\Omega;(\Delta,x{:}A) \vdash M : B}{\Gamma;\Omega;\Delta \vdash \lambda x^{1}{:}A.\,M : A \to^{1} B}\ {\to^{1}}\mathrm{I}
\\[2ex]
\dfrac{\Gamma;\Omega;\Delta \vdash M : A \to^{u} B \qquad (\Gamma,\Delta);\Omega;\cdot \vdash N : A}{\Gamma;\Omega;\Delta \vdash M\,N^{u} : B}\ {\to^{u}}\mathrm{E}
\\[2ex]
\dfrac{\Gamma;\Omega;\Delta \vdash M : A \to^{0} B \qquad (\Gamma,\Omega,\Delta);\cdot;\cdot \vdash N : A}{\Gamma;\Omega;\Delta \vdash M\,N^{0} : B}\ {\to^{0}}\mathrm{E}
\\[2ex]
\dfrac{(\Gamma,\Delta_N);\Omega;\Delta_M \vdash M : A \to^{1} B \qquad (\Gamma,\Delta_M);\Omega;\Delta_N \vdash N : A}{\Gamma;\Omega;(\Delta_M,\Delta_N) \vdash M\,N^{1} : B}\ {\to^{1}}\mathrm{E}
\end{array}
\]

Fig. 1. Typing rules for Γ;Ω;Δ ⊢ M : A

Our system is biased towards a bottom-up reading of the rules in that vari- 
ables never disappear, i.e., they are always propagated from the conclusion to the 
premises, although their status might be changed. 

Let us go through the typing rules in detail. The requirement for the strict context Δ to be empty in the Idᵘ and Id¹ rules expresses that strict variables must be used, while undetermined variables in Γ or irrelevant variables in Ω can be ignored. Note that there is no rule for irrelevant variables, which expresses that they cannot be used. The introduction rules for undetermined, invariant, and strict functions simply add a variable to the appropriate context and check the body of the function. The difficult rules are the three elimination rules. First, the unrestricted context Γ is always propagated to both premises. This reflects that we place no restriction on the use of these variables.

Next we consider the strict context Δ: recall that this contains the variables which should occur strictly in a term. An undetermined function M : A →ᵘ B may or may not use its argument. An occurrence of a variable in the argument to such a function can therefore not be guaranteed to be used. Hence we must require in the rule →ᵘE for an application M Nᵘ that all variables in Δ occur strictly in M. This ensures at least one strict occurrence in M and no further restrictions on occurrences of strict variables in the argument are necessary. This is reflected in the rule by adding Δ to the unrestricted context while checking the argument N. The treatment of the strict variables in the vacuous application M N⁰ is similar.
8 • A. Momigliano and F. Pfenning

\[
\dfrac{
 \dfrac{\dfrac{}{y;\cdot;x \vdash x : A \to^{1} A \to^{1} B}\ \mathrm{Id}^{1} \qquad \dfrac{}{x;\cdot;y \vdash y : A}\ \mathrm{Id}^{1}}
       {\cdot;\cdot;(x,y) \vdash x\,y^{1} : A \to^{1} B}\ {\to^{1}}\mathrm{E}
 \qquad
 \dfrac{}{(x,y);\cdot;\cdot \vdash y : A}\ \mathrm{Id}^{u}
}{\cdot;\cdot;(x{:}A \to^{1} A \to^{1} B,\ y{:}A) \vdash (x\,y^{1})\,y^{1} : B}\ {\to^{1}}\mathrm{E}
\]

Fig. 2. First derivation of ·;·;(x:A →¹ A →¹ B, y:A) ⊢ (x y¹) y¹ : B

\[
\dfrac{
 \dfrac{\dfrac{}{y;\cdot;x \vdash x : A \to^{1} A \to^{1} B}\ \mathrm{Id}^{1} \qquad \dfrac{}{(x,y);\cdot;\cdot \vdash y : A}\ \mathrm{Id}^{u}}
       {y;\cdot;x \vdash x\,y^{1} : A \to^{1} B}\ {\to^{1}}\mathrm{E}
 \qquad
 \dfrac{}{x;\cdot;y \vdash y : A}\ \mathrm{Id}^{1}
}{\cdot;\cdot;(x{:}A \to^{1} A \to^{1} B,\ y{:}A) \vdash (x\,y^{1})\,y^{1} : B}\ {\to^{1}}\mathrm{E}
\]

Fig. 3. Second derivation of ·;·;(x:A →¹ A →¹ B, y:A) ⊢ (x y¹) y¹ : B

In the case of a strict application M N¹ each strict variable should occur strictly in either M or N. We therefore split the context into Δ_M and Δ_N, guaranteeing that each variable has at least one strict occurrence in M or N, respectively. However, strict variables can occur more than once, so variables from Δ_N can be used freely in M, and variables from Δ_M can occur freely in N. As before, we reflect this by adding these variables to the unrestricted context.

Finally we consider the irrelevant context Ω. Variables declared in Ω cannot be used except in the argument to an invariant function (which is guaranteed to ignore its argument). We therefore add the irrelevant context Ω to the unrestricted context when checking the argument of a vacuous application M N⁰.

We now illustrate how the strict application rule non-deterministically splits contexts. Consider the typing problem ·;·;(x:A →¹ A →¹ B, y:A) ⊢ (x y¹) y¹ : B, related to the contraction principle. There are four ways to split the strict context for the outer application.

\[
\begin{array}{ll}
\Delta_M = x{:}A \to^{1} A \to^{1} B,\ y{:}A & \Delta_N = \cdot\\
\Delta_M = x{:}A \to^{1} A \to^{1} B & \Delta_N = y{:}A\\
\Delta_M = y{:}A & \Delta_N = x{:}A \to^{1} A \to^{1} B\\
\Delta_M = \cdot & \Delta_N = x{:}A \to^{1} A \to^{1} B,\ y{:}A
\end{array}
\]

Only the first two yield a valid derivation as depicted in Figures 2 and 3. Here we have dropped the types in the context.

Our strict λ-calculus satisfies the expected properties, culminating in the existence of canonical forms which is critical for the intended applications. First we remark that types are unique, although typing derivations may not be.

Theorem 3.1 Uniqueness of Typing. Assume (Γ,Ω,Δ) = (Γ',Ω',Δ'). If Γ;Ω;Δ ⊢ M : A and Γ';Ω';Δ' ⊢ M : A', then A = A'.

Proof. By induction on the structure of the given derivation, exploiting uniqueness for declarations of variables and constants. □

ACM Transactions on Computational Logic, Vol. ?, No. ?, ? 20??.

Higher-Order Pattern Complement • 9

We start addressing the structural properties of the contexts. Exchange is directly built into the formulation and will not be repeated. Note that our calculus is formulated entirely without structural rules, which now have to be shown to be admissible.

Lemma 3.2 Weakening.

(1) (Weakeningᵘ) If Γ;Ω;Δ ⊢ M : A, then (Γ, x:C);Ω;Δ ⊢ M : A.
(2) (Weakening⁰) If Γ;Ω;Δ ⊢ M : A, then Γ;(Ω, x:C);Δ ⊢ M : A.

Proof. By induction on the structure of the given derivations. □

The following properties allow us to lose track of strict and vacuous occurrences, if we are so inclined.

Lemma 3.3 Loosening.

(1) (Loosening⁰) If Γ;(Ω, x:C);Δ ⊢ M : A, then (Γ, x:C);Ω;Δ ⊢ M : A.
(2) (Loosening¹) If Γ;Ω;(Δ, x:C) ⊢ M : A, then (Γ, x:C);Ω;Δ ⊢ M : A.

Proof. By induction on the structure of the given derivations. □

Next we come to the critical substitution properties. They verify the intended meaning of the hypothetical judgments and directly entail subject reduction (Theorem 3.5). To be consistent with the design of our typing rules, we formulate the substitution properties so that each of the given derivations depends on the same variables, although their status might be different (unrestricted, irrelevant, or strict). Note that this is possible only because we have included irrelevant hypotheses in our judgment.

Lemma 3.4 Substitution.

(1) (Substitutionᵘ) If (Γ, x:A);Ω;Δ ⊢ M : C and (Γ, Δ);Ω;· ⊢ N : A, then Γ;Ω;Δ ⊢ [N/x]M : C.
(2) (Substitution⁰) If Γ;(Ω, x:A);Δ ⊢ M : C and (Γ, Δ, Ω);·;· ⊢ N : A, then Γ;Ω;Δ ⊢ [N/x]M : C.
(3) (Substitution¹) If (Γ, Δ_N);Ω;(Δ_M, x:A) ⊢ M : C and (Γ, Δ_M);Ω;Δ_N ⊢ N : A, then Γ;Ω;(Δ_M, Δ_N) ⊢ [N/x]M : C.

Proof. We proceed by mutual induction on the structure of the derivation D of M : C, using weakening and loosening as needed to match the form of the induction hypothesis. Each case is otherwise entirely straightforward. We show only one case in the proof of strict substitution (part 3). Here and in subsequent proofs we sometimes write D :: J if D is a derivation of judgment J instead of the two-dimensional notation with D written above J.

Case. D ends in →¹E. There are two sub-cases, depending on whether the declaration x:A is strict in the left premise or right premise. We show the former.

\[
\dfrac{(\Gamma,\Delta_N,\Delta_Q);\Omega;(\Delta_P,x{:}A) \vdash P : B \to^{1} C \qquad (\Gamma,\Delta_N,\Delta_P,x{:}A);\Omega;\Delta_Q \vdash Q : B}{(\Gamma,\Delta_N);\Omega;(\Delta_P,x{:}A,\Delta_Q) \vdash P\,Q^{1} : C}
\]

\[
\begin{array}{ll}
\mathcal{D}_1 :: (\Gamma,\Delta_N,\Delta_Q);\Omega;(\Delta_P,x{:}A) \vdash P : B \to^{1} C & \text{Subderivation}\\
\mathcal{E} :: (\Gamma,\Delta_P,\Delta_Q);\Omega;\Delta_N \vdash N : A & \text{Assumption}\\
(\Gamma,\Delta_Q);\Omega;(\Delta_P,\Delta_N) \vdash [N/x]P : B \to^{1} C & \text{By i.h. (3) on } \mathcal{D}_1, \mathcal{E}\\
(\Gamma,\Delta_Q,\Delta_N);\Omega;\Delta_P \vdash [N/x]P : B \to^{1} C & \text{By Loosening}^{1}\ \Delta_N\\
\mathcal{D}_2 :: (\Gamma,\Delta_N,\Delta_P,x{:}A);\Omega;\Delta_Q \vdash Q : B & \text{Subderivation}\\
\mathcal{E}' :: (\Gamma,\Delta_P,\Delta_Q,\Delta_N);\Omega;\cdot \vdash N : A & \text{By Loosening}^{1}\ \Delta_N \text{ in } \mathcal{E}\\
(\Gamma,\Delta_N,\Delta_P);\Omega;\Delta_Q \vdash [N/x]Q : B & \text{By i.h. (1) on } \mathcal{D}_2, \mathcal{E}'\\
\Gamma;\Omega;(\Delta_P,\Delta_Q,\Delta_N) \vdash [N/x](P\,Q^{1}) : C & \text{By rule } {\to^{1}}\mathrm{E}
\end{array}
\]

□

Weakening, loosening, and substitution directly imply the contraction property 
for all three kinds of hypotheses. Since we do not use contraction in this paper, we 
elide the formal statement and proof of this property. 

The notions of reduction and expansion derive directly from the ordinary β and η rules.

\[
\begin{array}{lcl}
(\lambda x^{k}{:}A.\,M)\,N^{k} & \Longrightarrow & [N/x]M\\
(M : A \to^{k} B) & \Longrightarrow & \lambda x^{k}{:}A.\,M\,x^{k}
\end{array}
\]

An application of the η-expansion rule requires the term M to have the indicated type. The subject reduction and expansion theorems are an immediate consequence of the structural and substitution properties.

Theorem 3.5 Subject Reduction.
If Γ;Ω;Δ ⊢ M : A and M ⟹ M' then Γ;Ω;Δ ⊢ M' : A.

Proof. We proceed by cases and inversion followed by an appeal to the substitution property. We show only one case. Let M = (λx¹:B. P) Q¹ : A and M' = [Q/x]P.

\[
\begin{array}{ll}
\Gamma;\Omega;\Delta \vdash (\lambda x^{1}{:}B.\,P)\,Q^{1} : A & \text{Assumption}\\
\Delta = (\Delta_P,\Delta_Q),\ \mathcal{E} :: (\Gamma,\Delta_P);\Omega;\Delta_Q \vdash Q : B, \text{ and} & \\
\quad (\Gamma,\Delta_Q);\Omega;\Delta_P \vdash \lambda x^{1}{:}B.\,P : B \to^{1} A & \text{By inversion}\\
\mathcal{D} :: (\Gamma,\Delta_Q);\Omega;(\Delta_P,x{:}B) \vdash P : A & \text{By further inversion}\\
\Gamma;\Omega;(\Delta_P,\Delta_Q) \vdash [Q/x]P : A & \text{By substitution}^{1} \text{ on } \mathcal{D}, \mathcal{E}
\end{array}
\]

□

Subject reduction continues to hold if we allow the reduction of an arbitrary 
subterm occurrence. We omit the obvious statement and formal proof of this fact. 

Theorem 3.6 Subject Expansion.
If Γ;Ω;Δ ⊢ M : A →ᵏ B and (M : A →ᵏ B) ⟹ M' then Γ;Ω;Δ ⊢ M' : A →ᵏ B.

Proof. Direct. We consider only the strict case (k = 1).

\[
\begin{array}{ll}
\Gamma;\Omega;\Delta \vdash M : A \to^{1} B & \text{Assumption}\\
(\Gamma,x{:}A);\Omega;\Delta \vdash M : A \to^{1} B & \text{By weakening}^{u}\\
(\Gamma,\Delta);\Omega;x{:}A \vdash x : A & \text{By rule } \mathrm{Id}^{1}\\
\Gamma;\Omega;(\Delta,x{:}A) \vdash M\,x^{1} : B & \text{By rule } {\to^{1}}\mathrm{E}\\
\Gamma;\Omega;\Delta \vdash \lambda x^{1}{:}A.\,M\,x^{1} : A \to^{1} B & \text{By rule } {\to^{1}}\mathrm{I}
\end{array}
\]

□

The following lemma establishes a sort of consistency property of the type system, showing that a term M cannot be both strict and vacuous in a given variable. This will be central in the proof of disjointness of pattern complementation (Lemma 6.4).

Lemma 3.7 Exclusivity. It is not the case that both Γ₁;Ω₁;(Δ₁, x:C) ⊢ M : A and Γ₂;(Ω₂, x:C);Δ₂ ⊢ M : A.

Proof. By induction on the structure of the derivation of Γ₁;Ω₁;(Δ₁, x:C) ⊢ M : A, applying inversion on the derivation of Γ₂;(Ω₂, x:C);Δ₂ ⊢ M : A in each case. □

4. THE CANONICAL FORM THEOREM 

In this section we establish the existence of canonical forms for the strict λ-calculus, i.e., β-normal η-long forms, which is crucial for our intended application. We prove this by Tait's method of logical relations; we essentially follow the account in [Pfenning 2001a], with surprisingly little generalization from simple to strict types, thanks to a simplified account of substitutions.

We start by presenting the inductive definition of canonical forms. It is realized by the two mutually recursive judgments depicted in Figure 4:

Γ;Ω;Δ ⊢ M ↓ A    M is atomic of type A.
Γ;Ω;Δ ⊢ M ⇑ A    M is canonical of type A.

Informally, M is atomic (written M ↓ A for some A) if M consists of a variable applied to a sequence of arguments, where each of the arguments is canonical at appropriate type. A term M is canonical if M consists of a sequence of λ-abstractions followed by an atomic term of atomic type. We shall abbreviate judgments involving ⇑ and ↓ as ⇑↓.

Lemma 4.1 Soundness of Canonical Terms.
If Γ;Ω;Δ ⊢ M ⇑↓ A, then Γ;Ω;Δ ⊢ M : A.

Proof. By induction on the structure of the derivation of Γ;Ω;Δ ⊢ M ⇑↓ A. □

We describe an algorithm for conversion to canonical form in Figure 5. This algorithm is presented as a deductive system that can be used to construct a canonical form from an arbitrary well-typed term. Note that the algorithm does not need to keep track of occurrence constraints — they will be satisfied by construction (see Theorem 4.2). We write Ψ for a single context of distinct variable declarations whose status should be considered ambiguous since it is unnecessary to know whether they are unrestricted, irrelevant, or strict.

Ψ ⊢ M ↓ N : A    M has atomic form N of type A.
Ψ ⊢ M ⇑ N : A    M has canonical form N at type A.

These utilize weak head reduction, which includes local reduction (β) and partial congruence (ν); both rules are stated after Figures 4 and 5.
\[
\begin{array}{c}
\dfrac{c{:}A \in \Sigma}{\Gamma;\Omega;\cdot \vdash c \downarrow A}\ \mathrm{cIdc}
\qquad
\dfrac{}{(\Gamma,x{:}A);\Omega;\cdot \vdash x \downarrow A}\ \mathrm{cId}^{u}
\qquad
\text{no } \mathrm{cId}^{0} \text{ rule}
\qquad
\dfrac{}{\Gamma;\Omega;x{:}A \vdash x \downarrow A}\ \mathrm{cId}^{1}
\\[2ex]
\dfrac{\Gamma;\Omega;\Delta \vdash M \downarrow a}{\Gamma;\Omega;\Delta \vdash M \Uparrow a}\ \mathrm{cAt}
\\[2ex]
\dfrac{(\Gamma,x{:}A);\Omega;\Delta \vdash M \Uparrow B}{\Gamma;\Omega;\Delta \vdash (\lambda x^{u}{:}A.\,M) \Uparrow A \to^{u} B}\ \mathrm{c}{\to^{u}}\mathrm{I}
\qquad
\dfrac{\Gamma;\Omega;(\Delta,x{:}A) \vdash M \Uparrow B}{\Gamma;\Omega;\Delta \vdash (\lambda x^{1}{:}A.\,M) \Uparrow A \to^{1} B}\ \mathrm{c}{\to^{1}}\mathrm{I}
\qquad
\dfrac{\Gamma;(\Omega,x{:}A);\Delta \vdash M \Uparrow B}{\Gamma;\Omega;\Delta \vdash (\lambda x^{0}{:}A.\,M) \Uparrow A \to^{0} B}\ \mathrm{c}{\to^{0}}\mathrm{I}
\\[2ex]
\dfrac{\Gamma;\Omega;\Delta \vdash M \downarrow A \to^{u} B \qquad (\Gamma,\Delta);\Omega;\cdot \vdash N \Uparrow A}{\Gamma;\Omega;\Delta \vdash M\,N^{u} \downarrow B}\ \mathrm{c}{\to^{u}}\mathrm{E}
\\[2ex]
\dfrac{\Gamma;\Omega;\Delta \vdash M \downarrow A \to^{0} B \qquad (\Gamma,\Omega,\Delta);\cdot;\cdot \vdash N \Uparrow A}{\Gamma;\Omega;\Delta \vdash M\,N^{0} \downarrow B}\ \mathrm{c}{\to^{0}}\mathrm{E}
\\[2ex]
\dfrac{(\Gamma,\Delta_N);\Omega;\Delta_M \vdash M \downarrow A \to^{1} B \qquad (\Gamma,\Delta_M);\Omega;\Delta_N \vdash N \Uparrow A}{\Gamma;\Omega;(\Delta_M,\Delta_N) \vdash M\,N^{1} \downarrow B}\ \mathrm{c}{\to^{1}}\mathrm{E}
\end{array}
\]

Fig. 4. Canonical forms: Γ;Ω;Δ ⊢ M ⇑↓ A



\[
\begin{array}{c}
\dfrac{c{:}A \in \Sigma}{\Psi \vdash c \downarrow c : A}\ \mathrm{tcIdc}
\qquad
\dfrac{x{:}A \in \Psi}{\Psi \vdash x \downarrow x : A}\ \mathrm{tcIdvar}
\\[2ex]
\dfrac{M \Longrightarrow M' \qquad \Psi \vdash M' \Uparrow M'' : a}{\Psi \vdash M \Uparrow M'' : a}\ \mathrm{tcAtm}
\qquad
\dfrac{\Psi \vdash M \downarrow N : a}{\Psi \vdash M \Uparrow N : a}\ \mathrm{tcAt}
\\[2ex]
\dfrac{\Psi, x{:}A \vdash M\,x^{k} \Uparrow N : B}{\Psi \vdash M \Uparrow (\lambda x^{k}{:}A.\,N) : A \to^{k} B}\ \mathrm{tc}{\to}\mathrm{I}
\qquad
\dfrac{\Psi \vdash M \downarrow P : A \to^{k} B \qquad \Psi \vdash N \Uparrow Q : A}{\Psi \vdash M\,N^{k} \downarrow P\,Q^{k} : B}\ \mathrm{tc}{\to}\mathrm{E}
\end{array}
\]

Fig. 5. Conversion to canonical form: Ψ ⊢ M ⇑↓ N : A

The weak head reduction relation M ⟹ M' used in Figure 5 consists of local reduction (β) and partial congruence (ν):

\[
(\lambda x^{k}{:}A.\,M)\,N^{k} \Longrightarrow [N/x]M
\qquad\qquad
\dfrac{M \Longrightarrow M'}{M\,N^{k} \Longrightarrow M'\,N^{k}}\ \nu
\]

Operationally, we assume that M is given and we construct an N such that M ⟹ N or fail. The judgments for conversion to canonical form can be interpreted as an algorithm in the following manner:

Ψ ⊢ M ↓ N : A    Given Ψ and M, construct N and A
Ψ ⊢ M ⇑ N : A    Given Ψ, M, and A, construct N

The main theorem of this section states that if Γ;Ω;Δ ⊢ M : A and Ψ = (Γ, Ω, Δ) then the two judgments above will always succeed to construct an N and A, or N, respectively.

Theorem 4.2 Conversion Yields Canonical Terms.
If (Γ, Ω, Δ) ⊢ M ⇑↓ N : A and Γ;Ω;Δ ⊢ M : A, then Γ;Ω;Δ ⊢ N ⇑↓ A.

Proof. By induction on the structure of the derivation of (Γ, Ω, Δ) ⊢ M ⇑↓ N : A and inversion on the given typing derivation in each case. □

In the construction of logical relations we will need a notion of context extension, Ψ' ≥ Ψ (Ψ' extends Ψ with zero or more declarations). It is clear that conversion to canonical form is not affected by weakening. We omit the formal statement of this property.

We can now introduce a unary Kripke-logical relation, in complete analogy with the usual definition for the simply-typed λ-calculus. At base type we postulate the property we are trying to show, namely existence of canonical forms. At higher type we reduce the property to lower types by quantifying over all possible elimination forms.

Definition 4.3 Valid Terms.

(1) Ψ ⊢ M ∈ ⟦a⟧ iff Ψ ⊢ M ⇑ N : a, for some N.

(2) Ψ ⊢ M ∈ ⟦A →ᵏ B⟧ iff for every Ψ' ≥ Ψ and every N, if Ψ' ⊢ N ∈ ⟦A⟧, then Ψ' ⊢ M Nᵏ ∈ ⟦B⟧.

We say a term M is valid if Ψ ⊢ M ∈ ⟦A⟧ for appropriate Ψ and A.

First we show that all valid terms have canonical forms. We prove at the same 
time that atomic terms are valid, both by induction on the structure of their types. 

Lemma 4.4 Valid Terms have Canonical Forms.

(1) If Ψ ⊢ M ∈ ⟦A⟧, then Ψ ⊢ M ⇑ N : A.
(2) If Ψ ⊢ M ↓ N : A, then Ψ ⊢ M ∈ ⟦A⟧.

Proof. By induction on A.

Case. A = a. Immediate from the definition of ⟦a⟧.

Case. A = A₁ →ᵏ A₂.

(1)
\[
\begin{array}{ll}
\Psi \vdash M \in [\![A_1 \to^{k} A_2]\!] & \text{Assumption}\\
\Psi, x{:}A_1 \ge \Psi & \text{By definition of } \ge\\
\Psi, x{:}A_1 \vdash x \downarrow x : A_1 & \text{By rule tcIdvar}\\
\Psi, x{:}A_1 \vdash x \in [\![A_1]\!] & \text{By i.h. (2)}\\
\Psi, x{:}A_1 \vdash M\,x^{k} \in [\![A_2]\!] & \text{By definition of } [\![\cdot]\!]\\
\Psi, x{:}A_1 \vdash M\,x^{k} \Uparrow N : A_2 & \text{By i.h. (1)}\\
\Psi \vdash M \Uparrow \lambda x^{k}{:}A_1.\,N : A_1 \to^{k} A_2 & \text{By rule tc}{\to}\mathrm{I}
\end{array}
\]

(2)
\[
\begin{array}{ll}
\Psi \vdash M \downarrow M' : A_1 \to^{k} A_2 & \text{Assumption}\\
\Psi' \ge \Psi \text{ and } \Psi' \vdash N \in [\![A_1]\!] \text{ for arbitrary } \Psi' \text{ and } N & \text{New assumption}\\
\Psi' \vdash N \Uparrow N' : A_1 & \text{By i.h. (1)}\\
\Psi' \vdash M \downarrow M' : A_1 \to^{k} A_2 & \text{By weakening}\\
\Psi' \vdash M\,N^{k} \downarrow M'\,N'^{k} : A_2 & \text{By rule tc}{\to}\mathrm{E}\\
\Psi' \vdash M\,N^{k} \in [\![A_2]\!] & \text{By i.h. (2)}\\
\Psi \vdash M \in [\![A_1 \to^{k} A_2]\!] & \text{By definition of } [\![\cdot]\!]
\end{array}
\]

□



The second major part states that every well-typed term is valid. For this we need closure of validity under head expansion.

Lemma 4.5 Closure under Head Expansion.
If $\Psi \vdash M' \in [\![A]\!]$ and $M \longrightarrow M'$, then $\Psi \vdash M \in [\![A]\!]$.

Proof. By induction on $A$:

Case. $A = a$. Immediate by definition and the rule of the conversion judgment that allows a head reduction step.

Case. $A = A_1 \to^{k} A_2$.
$\Psi \vdash M' \in [\![A_1 \to^{k} A_2]\!]$    Assumption
$\Psi' \vdash N \in [\![A_1]\!]$ for arbitrary $\Psi' \ge \Psi$ and $N$    New assumption
$\Psi' \vdash M'\,N^{k} \in [\![A_2]\!]$    By definition of $[\![\cdot]\!]$
$M\,N^{k} \longrightarrow M'\,N^{k}$    By the congruence rule for reduction under application
$\Psi' \vdash M\,N^{k} \in [\![A_2]\!]$    By i.h. on $A_2$
$\Psi \vdash M \in [\![A_1 \to^{k} A_2]\!]$    By definition of $[\![\cdot]\!]$

□

Due to the need to β-reduce during conversion to canonical form, we need to introduce substitutions. We will not require substitutions to be well-typed, but they have to be valid in the sense that all substitution terms should be valid.

Substitutions    $\theta ::= \cdot \mid \theta, M/x$

For $\theta = \theta', M/x$ we say that $x$ is defined in $\theta$ and we write $\theta(x) = M$. We require all variables defined in a substitution to be distinct; we use $\mathrm{dom}(\theta)$ for the set of variables defined in $\theta$. Furthermore, the co-domain of $\theta$ consists of the variables occurring in the substituting terms.

Next, we define the application of a substitution to a term $M$, denoted $[\theta]M$. We limit application of substitutions to objects whose free variables are in the domain of $\theta$.

$[\theta]c = c$
$[\theta]x = \theta(x)$
$[\theta](M\,N^{k}) = ([\theta]M)\,([\theta]N)^{k}$
$[\theta](\lambda x^{k}{:}A.\,M) = \lambda x^{k}{:}A.\,[\theta, x/x]M$

In the last case we assume that $x$ does not already occur in the domain or co-domain of $\theta$. This can always be achieved by renaming of the bound variable.

We will also need to mediate between single substitutions stemming from β-reduction and simultaneous substitutions. We define how to compose a single substitution from a β-reduction with simultaneous substitutions, written as $[N/x]\theta$.

$[N/x](\cdot) = \cdot$
$[N/x](\theta, M/y) = [N/x](\theta), ([N/x]M)/y$

Note that $[N/x]([\theta, x/x]M) = [\theta, N/x]M$ if $x$ does not occur in the co-domain of $\theta$. For a context $\Psi = x_1{:}A_1, \ldots, x_n{:}A_n$, we introduce the identity substitution on $\Psi$ as $\mathrm{id}_\Psi = x_1/x_1, \ldots, x_n/x_n$. Clearly, $[\mathrm{id}_\Psi]M = M$ if the free variables of $M$ are contained in $\Psi$.

We extend the notion of validity to substitutions as already indicated above: a substitution $\theta$ is valid for context $\Psi$ if for every binding $M/x$ such that $x{:}A$ is in $\Psi$ we have that $M$ is in $[\![A]\!]$.

Definition 4.6 Valid Substitutions.

(1) $\Phi \vdash \theta \in [\![\cdot]\!]$ iff $\theta = \cdot$.

(2) $\Phi \vdash \theta \in [\![\Psi', x{:}A]\!]$ iff $\theta = \theta', M/x$ such that $\Phi \vdash M \in [\![A]\!]$ and $\Phi \vdash \theta' \in [\![\Psi']\!]$.

We remark that contexts are not ordered; hence, for $\Psi = (\Gamma,\Omega,\Delta)$ we will identify, for example, $[\![\Psi, x{:}A]\!]$ with $[\![(\Gamma, x{:}A, \Omega, \Delta)]\!]$. Clearly, this view is legitimate in terms of the above definition, since validity of a substitution simply reduces to validity of the terms in it. It is easy to see that validity, both for terms and for substitutions, satisfies weakening. We omit the formal statement and proof of this property.

The next lemma is critical. It generalizes the statement that well-typed terms are valid by allowing a valid substitution to be applied. This is necessary in order to proceed with the proof in the case of any of the three λ-abstractions.

Lemma 4.7 Well-Typed Terms are Valid.
If $\Gamma;\Omega;\Delta \vdash M : A$, then for every $\Psi$ such that $\Psi \vdash \theta \in [\![(\Gamma,\Omega,\Delta)]\!]$ we have $\Psi \vdash [\theta]M \in [\![A]\!]$.

Proof. By induction on the typing derivation $\mathcal{D}$ of $\Gamma;\Omega;\Delta \vdash M : A$.

Case.
$$\mathcal{D} = \dfrac{}{(\Gamma, x{:}A);\Omega;\cdot \vdash x : A}\ \mathrm{Id}^{u}$$

$\Psi \vdash \theta \in [\![(\Gamma, x{:}A, \Omega)]\!]$    Assumption
$\Psi \vdash \theta(x) \in [\![A]\!]$    By definition of $[\![\cdot]\!]$
$\Psi \vdash [\theta]x \in [\![A]\!]$    By definition of substitution

Case. $\mathcal{D}$ ends in $\mathrm{Id}^{1}$. As in the previous case.

Case. $\mathcal{D}$ ends in Con. Immediate by Lemma 4.4(2) and definition of substitution.

Case.
$$\mathcal{D} = \dfrac{(\Gamma, x{:}A);\Omega;\Delta \vdash M : B}{\Gamma;\Omega;\Delta \vdash \lambda x^{u}{:}A.\,M : A \to B}\ {\to}\mathrm{I}^{u}$$

$(\Gamma, x{:}A);\Omega;\Delta \vdash M : B$    Subderivation
$\Psi \vdash \theta \in [\![(\Gamma,\Omega,\Delta)]\!]$    Assumption
$\Psi' \vdash N \in [\![A]\!]$ for arbitrary $\Psi' \ge \Psi$ and $N$    New assumption
$\Psi' \vdash (\theta, N/x) \in [\![(\Gamma, x{:}A, \Omega, \Delta)]\!]$    By definition of $[\![\cdot]\!]$ and weakening
$\Psi' \vdash [\theta, N/x]M \in [\![B]\!]$    By i.h.
$\Psi' \vdash [N/x]([\theta, x/x]M) \in [\![B]\!]$    By property of substitution
$\Psi' \vdash (\lambda x^{u}{:}A.\,[\theta, x/x]M)\,N^{u} \in [\![B]\!]$    By Lemma 4.5
$\Psi' \vdash ([\theta](\lambda x^{u}{:}A.\,M))\,N^{u} \in [\![B]\!]$    By definition of substitution
$\Psi \vdash [\theta](\lambda x^{u}{:}A.\,M) \in [\![A \to B]\!]$    By definition of $[\![A \to B]\!]$

Cases. $\mathcal{D}$ ends in ${\to}\mathrm{I}^{1}$ or ${\to}\mathrm{I}^{0}$. Analogous to the previous case.

Case.
$$\mathcal{D} = \dfrac{\Gamma;\Omega;\Delta \vdash M : A \to B \qquad (\Gamma,\Delta);\Omega;\cdot \vdash N : A}{\Gamma;\Omega;\Delta \vdash M\,N^{u} : B}\ {\to}\mathrm{E}^{u}$$

$\Psi \vdash \theta \in [\![(\Gamma,\Omega,\Delta)]\!]$    Assumption
$\Gamma;\Omega;\Delta \vdash M : A \to B$    Subderivation
$\Psi \vdash [\theta]M \in [\![A \to B]\!]$    By i.h.
$(\Gamma,\Delta);\Omega;\cdot \vdash N : A$    Subderivation
$\Psi \vdash [\theta]N \in [\![A]\!]$    By i.h.
$\Psi \ge \Psi$    By definition of $\ge$
$\Psi \vdash ([\theta]M)\,([\theta]N)^{u} \in [\![B]\!]$    By definition of $[\![\cdot]\!]$
$\Psi \vdash [\theta](M\,N^{u}) \in [\![B]\!]$    By definition of substitution

Cases. $\mathcal{D}$ ends in ${\to}\mathrm{E}^{1}$ or ${\to}\mathrm{E}^{0}$. Analogous to the previous case.

□

From this central lemma, the canonical form theorem follows by noting that the identity substitution is valid.

Lemma 4.8 Validity of Identity. $\Psi \vdash \mathrm{id}_\Psi \in [\![\Psi]\!]$.

Proof. By a straightforward induction on $\Psi$ using Lemma 4.4(2). □

Theorem 4.9 Canonical Forms.
If $\Gamma;\Omega;\Delta \vdash M : A$, then there exists an $N$ such that $(\Gamma,\Omega,\Delta) \vdash M \Uparrow N : A$ and $\Gamma;\Omega;\Delta \vdash N \Uparrow A$.

Proof. Direct from prior lemmas.

$\Gamma;\Omega;\Delta \vdash M : A$    Assumption
$(\Gamma,\Omega,\Delta) \vdash \mathrm{id}_{(\Gamma,\Omega,\Delta)} \in [\![(\Gamma,\Omega,\Delta)]\!]$    By Lemma 4.8
$(\Gamma,\Omega,\Delta) \vdash [\mathrm{id}_{(\Gamma,\Omega,\Delta)}]M \in [\![A]\!]$    By Lemma 4.7
$(\Gamma,\Omega,\Delta) \vdash M \in [\![A]\!]$    By identity substitution
$(\Gamma,\Omega,\Delta) \vdash M \Uparrow N : A$ for some $N$    By Lemma 4.4(1)
$\Gamma;\Omega;\Delta \vdash N \Uparrow A$    By Theorem 4.2

□
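The following Python program is an added example, not the paper's own code: it implements the conversion to canonical form whose existence Theorem 4.9 establishes, using the substitution $[\theta]M$ of this section for the β-steps (head reduction) and type-directed η-expansion at function types, so that the result is β-normal and η-long. Labels are carried along unchanged, as the conversion judgment does. The representation (`Arr`, `Lam`, `App`, `canon`, a single dictionary holding both signature and context) and the sample terms are this example's own assumptions.

```python
"""Type-directed conversion of labelled lambda-terms to canonical form.

Added example (not the paper's code).  Labels k are the strings "u", "1", "0";
a type is a base-type name (str) or Arr(A, k, B) for A ->^k B.  Constants and
context variables share one typing environment `ctx` (an assumption).
"""
from dataclasses import dataclass
from typing import Dict, Union

@dataclass(frozen=True)
class Arr:
    dom: "Type"
    label: str
    cod: "Type"

Type = Union[str, Arr]

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Con:
    name: str

@dataclass(frozen=True)
class Lam:            # \x^k:A. M
    x: str
    label: str
    ty: Type
    body: "Term"

@dataclass(frozen=True)
class App:            # M N^k
    fun: "Term"
    arg: "Term"
    label: str

Term = Union[Var, Con, Lam, App]

_fresh = [0]
def fresh(base: str) -> str:
    _fresh[0] += 1
    return f"{base}{_fresh[0]}"

def subst(theta: Dict[str, Term], m: Term) -> Term:
    """[theta]M as defined in the text.  Under a binder the bound variable is
    renamed to a fresh one (the side condition that x is not in the domain or
    co-domain of theta); variables outside dom(theta) are left as themselves."""
    if isinstance(m, Con):
        return m
    if isinstance(m, Var):
        return theta.get(m.name, m)
    if isinstance(m, App):
        return App(subst(theta, m.fun), subst(theta, m.arg), m.label)
    y = fresh(m.x)
    return Lam(y, m.label, m.ty, subst({**theta, m.x: Var(y)}, m.body))

def whr(m: Term) -> Term:
    """Weak head reduction: (\\x^k:A. M) N^k --> [N/x]M, repeated until the
    head of the spine is a variable or a constant."""
    if isinstance(m, App):
        f = whr(m.fun)
        if isinstance(f, Lam):
            return whr(subst({f.x: m.arg}, f.body))
        return App(f, m.arg, m.label)
    return m

def canon(ctx: Dict[str, Type], m: Term, a: Type) -> Term:
    """Psi |- M ⇑ N : A.  At A ->^k B: eta-expand with a fresh x^k (rule tc->I).
    At base type: head-reduce, then convert each argument of the atomic spine
    at the type read off the head (rule tc->E)."""
    if isinstance(a, Arr):
        x = fresh("x")
        body = canon({**ctx, x: a.dom}, App(m, Var(x), a.label), a.cod)
        return Lam(x, a.label, a.dom, body)
    head = whr(m)
    spine = []
    while isinstance(head, App):
        spine.append(head)
        head = head.fun
    ty = ctx[head.name]                      # type of the Var/Con at the head
    result: Term = head
    for app in reversed(spine):
        assert isinstance(ty, Arr) and ty.label == app.label, "ill-labelled spine"
        result = App(result, canon(ctx, app.arg, ty.dom), app.label)
        ty = ty.cod
    assert ty == a, "result type mismatch"
    return result

# Constructed sample: signature b:a, c:a ->^1 a.
SIG: Dict[str, Type] = {"b": "a", "c": Arr("a", "1", "a")}
# (\f^u:(a ->^1 a). f b^1) (\y^1:a. c y^1)^u   reduces to   c b^1
SAMPLE = App(Lam("f", "u", Arr("a", "1", "a"), App(Var("f"), Con("b"), "1")),
             Lam("y", "1", "a", App(Con("c"), Var("y"), "1")), "u")

if __name__ == "__main__":
    print(canon(SIG, SAMPLE, "a"))
    print(canon(SIG, Con("c"), Arr("a", "1", "a")))   # eta-expanded constant
```

`canon(SIG, SAMPLE, "a")` contracts both redexes and returns $c\,b^{1}$, while `canon(SIG, Con("c"), Arr("a", "1", "a"))` returns the η-expanded $\lambda x^{1}{:}a.\,c\,x^{1}$. The assertion on the application label is where an ill-labelled spine, which the typing rules exclude, would be caught.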
We close this section with some remarks on related work on strictness. Church's original definition of the set $\Lambda_I$ of (untyped) λ-terms [Church 1941] has this clause for abstraction:

If $M \in \Lambda_I$ and $x \in FV(M)$, then $\lambda x.\,M \in \Lambda_I$.

Therefore, in this language there cannot be any vacuous abstractions. The combinatorial counterpart of this calculus excludes K and consists of I, W, B, C. Those are the axioms of what Church called weak implicational logic [Church 1951], i.e., identity, contraction, prefixing and permutation. This establishes the link with an enterprise born from a very different origin, namely the relevance logic project [Anderson and Belnap 1975], which emerged in the early sixties out of Anderson and Belnap's dissatisfaction with the so-called "paradoxes of implication", be it material, intuitionistic, or strict (in the modal sense of Lewis and Langford).

Following Girard's and Belnap's suggestion [Belnap 1993], we will not refer to our calculus as relevant, but as strict logic, as the former may also satisfy other principles such as distributivity of implication over conjunction.

On an unrelated front, starting with Mycroft's seminal paper [Mycroft 1980], compile-time analysis of functional programs concentrated on strictness analysis in order to get the best out of call-by-value and call-by-need evaluation; first in terms of abstract interpretation, later by using non-standard types to represent these "intensional" properties of functions (see [Jensen 1991] for a comparison of these two techniques). However, earlier work such as [Tsung-Min and Mishra 1989] used a non-standard primitive type to distinguish strict from non-strict terms, closed only under the unrestricted function space. In the setting of functional programming, various different notions of strictness emerged. However, the absence of recursion and effects in our setting admits fewer distinctions.

Wright [1992] seems to be the first to have extended the Curry-Howard isomorphism to the implicational fragment of relevance logic and explicitly connected the two areas, although both [Belnap 1974] and [Helmann 1977] had previously recognized the link between strictness and relevance.

Baker-Finch [1993] presents a type assignment system that makes available strict, invariant and intuitionistic types. It is biased towards enforcing strictness information, which ultimately leads to a different expressive power from our calculus. There is only one context, where variables carry their occurrence status as a label. There is one identity rule, the strict one, so that e.g. $\lambda x.\,x : A \to A$ is not derivable, as it can be given the more stringent type $A \to^{1} A$. Let us consider the elimination rules for strict and irrelevant functions.

$$\dfrac{\Gamma \vdash M : A \to^{1} B \qquad \Gamma' \vdash N : A'}{\Gamma, \Gamma' \vdash M\,N : B}\ \mathit{app}^{1}
\qquad\qquad
\dfrac{\Gamma \vdash M : A \to^{0} B \qquad \Gamma' \vdash N : A'}{\Gamma, \Gamma'[1 := 0] \vdash M\,N : B}\ \mathit{app}^{0}$$

A side condition $A' \le A$ enforces the information ordering, so that for example $A' \to B \le A \to^{1} B'$, provided that $A \le A'$ and $B \le B'$. This allows us to infer by strict application $\Gamma, \Gamma' \vdash M\,N : C$ from $\Gamma \vdash M : (A \to^{1} B) \to^{1} C$ and $\Gamma' \vdash N : A \to B$. The latter is instead forbidden in our system by the labeled reduction rules. The rationale of the relabeling operation in the rule $\mathit{app}^{0}$ is that $A$ is not relevant to $B$, so all hypotheses should be deleted. Instead, in order to preserve every variable declaration, their strict label is changed into irrelevant. This would amount to moving the strict variables into the irrelevant context in our system. Note the difference with our rule, where the latter variables are moved into the unrestricted context. Moreover, having only one context, the author needs a strategy to deal with the same variable carrying different annotations; the solution is that while propagating premises top-down a binding $x^{1}{:}A$ supersedes $x^{u}{:}A$, which in turn supersedes $x^{0}{:}A$.

ACM Transactions on Computational Logic, Vol. ?, No. ?, ? 20??.

18 • A. Momigliano and F. Pfenning

Wright [1996] introduces Annotation Logic as a general framework for resource-conscious logics. Its formulae have the form $A ::= X^{k} \mid A \to B$ for any annotation $k$, and there are specific structural as well as annotation rules. The latter implement rules such as promotion or dereliction. By instantiation with different algebras of annotations, we get systems such as linear and strict logic as well as various other usage logics. An abstract normalization procedure is sketched, which however requires commutative conversions already in the purely implicational fragment.

In summary, none of the systems of strict functions in the literature served our purpose, nor did any of the authors prove the existence of canonical forms, which is critical for our application.

5. SIMPLE TERMS

Now that we have developed a calculus which is potentially strong enough to represent the complement of linear patterns, two questions naturally arise: how do we embed the original λ-calculus, and is the calculus now closed under complement? We require that our complement operator satisfy the usual boolean rules for negation:

(1) (Exclusivity) It is not the case that some $M$ is both a ground instance of $N$ and of $\mathrm{Not}(N)$.

(2) (Exhaustivity) Every $M$ is a ground instance of $N$ or of $\mathrm{Not}(N)$.

Remember that when we refer to ground instances we mean instances without any existential variables. Parameters, on the other hand, can certainly occur.

Unfortunately, while the first property follows quite easily for a suitable algorithm, it turns out that the second cannot be achieved for the full strict λ-calculus as presented in the previous sections. The following counterexample is a pattern whose complement cannot be expressed within the language.

Example 5.1. Consider the signature $a{:}\mathrm{type}$, $b{:}a$, $c{:}a \to a$. Then in the context $x{:}a; \cdot; \cdot$ we have

$\|E\,x^{0}\| = \{b,\ c\,b^{u},\ c\,(c\,b^{u})^{u},\ \ldots\}$
$\mathrm{Not}(\|E\,x^{0}\|) = \{x,\ c\,x^{u},\ c\,(c\,x^{u})^{u},\ \ldots\}$

It is easy to see that $\mathrm{Not}(\|E\,x^{0}\|)$ cannot be described by a finite set of patterns. The underlying problem is the undetermined status of the argument to $c{:}a \to a$, which means it can contain neither strict nor irrelevant variables while being allowed to contain unrestricted variables.
However, the main result of this section is that the complement algorithm presented in Definition 6.1 is sound and complete for the fragment which results from the natural embedding of the original simply-typed λ-calculus; this is sufficient for our intended applications. We will proceed in two phases. First we restrict ourselves to a class of terms (that we call simple) for which the crucial property of tightening (Lemma 5.5) can be established. Second we transform the complement problem so that each existential variable is applied to all parameters and bound variables in whose scope it appears. This improvement is mainly cosmetic and makes it easier to state and prove correctness for our algorithms.

Recall that we have introduced strictness to capture occurrence conditions on variables in canonical forms. This means that first-order constants (and by extension bound variables) should be considered strict functions of their arguments, since these arguments will indeed occur in the canonical form. On the other hand, if we have a second-order constant, we cannot restrict the argument function to be either strict or vacuous, since this would render our representation language too weak.

Example 5.2. Continuing Example 2.1, consider the representation of the K combinator:

$\ulcorner \lambda x.\,\lambda y.\,x \urcorner = \mathit{lam}\,(\lambda x{:}\mathit{exp}.\,\mathit{lam}\,(\lambda y{:}\mathit{exp}.\,x))$

Notice that the argument to the first occurrence of $\mathit{lam}$ is a strict function, while the argument to the second occurrence is an invariant function. If we can give only one type to $\mathit{lam}$, it must therefore be $(\mathit{exp} \to \mathit{exp}) \to^{1} \mathit{exp}$.

Generalizing this observation means that positive occurrences of function types are translated to strict functions, while negative ones are translated to undetermined functions. We can formalize this as an embedding of the simply-typed λ-calculus into a fragment of the strict calculus via two (overloaded) mutually recursive translations $(\ )^{-}$ and $(\ )^{+}$. First, the definition on types:

$(A \to B)^{+} = A^{-} \to^{1} B^{+}$
$(A \to B)^{-} = A^{+} \to^{u} B^{-}$
$a^{-} = a^{+} = a$

We extend it to atomic and canonical terms (including existential variables), signatures, and contexts; we therefore need the usual inductive definition of atomic and canonical terms in the simply-typed λ-calculus (see for example [Pfenning 2001a]), which can be obtained by dropping labels from the definition of canonical forms in Figure 4. In addition, we allow well-typed applications $E_A\,x_1 \ldots x_n$ of base type as canonical terms. Recall that $x_1, \ldots, x_n$ must be distinct bound variables or parameters. Note that the embedding $(\ )^{-}$ is applied only to canonical terms, while $(\ )^{+}$ is applied only to atomic terms.



$(\lambda x{:}A.\,M)^{-} = \lambda x^{u}{:}A^{+}.\,M^{-}$
$(E_A\,x_1 \ldots x_n)^{-} = E_{A^{-}}\,x_1^{u} \ldots x_n^{u}$
$M^{-} = M^{+}$    for $M$ of base type

$x^{+} = x$
$c^{+} = c$
$(M\,N)^{+} = M^{+}\,(N^{-})^{1}$

$(\cdot)^{+} = \cdot$
$(\Gamma, x{:}A)^{+} = \Gamma^{+}, x{:}A^{+}$
$(\Sigma, a{:}\mathrm{type})^{+} = \Sigma^{+}, a{:}\mathrm{type}$
$(\Sigma, c{:}A)^{+} = \Sigma^{+}, c{:}A^{+}$

Example 5.3. Returning to Example 5.2:

$(\mathit{lam}\,(\lambda x{:}\mathit{exp}.\,\mathit{lam}\,(\lambda y{:}\mathit{exp}.\,x)))^{+} = \mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,\mathit{lam}\,(\lambda y^{u}{:}\mathit{exp}.\,x)^{1})^{1}$

The image of the embedding of the canonical forms of the simply-typed λ-calculus gives rise to the following fragment, where we allow existential variables to have arguments with arbitrary labels.

Simple Terms    $M ::= \lambda x^{u}{:}A^{+}.\,M \mid h\,M_1^{1} \ldots M_n^{1} \mid E_A\,x_1^{k_1} \ldots x_n^{k_n}$

It is possible to generalize this language further to allow arbitrary abstractions as well, but this is beyond the scope of the present paper (see the comment in Section 9).

Theorem 5.4 Correctness of $(\ )^{\pm}$.

(1) If $\Gamma \vdash M \Uparrow A$, then $\Gamma^{+}; \cdot; \cdot \vdash M^{-} \Uparrow A^{-}$.
(2) If $\Gamma \vdash M \downarrow A$, then $\Gamma^{+}; \cdot; \cdot \vdash M^{+} \downarrow A^{+}$.

Proof. By mutual induction on the structure of the derivations of $\Gamma \vdash M \Uparrow A$ and $\Gamma \vdash M \downarrow A$. □

From now on we may hide the $(\ )^{1}$ decoration on strict applications of constants in examples. Moreover, we will shorten judgments on simple terms of the form $\Gamma; \cdot; \cdot \vdash J$ to $\Gamma \vdash J$.
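As an added example (not code from the paper), the translation $(\ )^{\pm}$ above written out in Python over a small AST of simply-typed canonical and atomic terms, with the K combinator of Example 5.2 as constructed input. The AST classes, the string printer and the representation of labelled types as `("->", A, k, B)` are this example's own choices.

```python
"""The embedding ( )^+ / ( )^- of the simply-typed lambda-calculus into the
fragment of simple terms.  Added example, not the paper's code.
Simply-typed types: a base name (str) or ("->", A, B).
Labelled types: ("->", A, k, B) stands for A ->^k B, k in {"u", "1"}.
"""
from dataclasses import dataclass
from typing import Tuple

# Simply-typed terms (no labels).
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class Con: name: str
@dataclass(frozen=True)
class Lam: x: str; ty: object; body: object            # \x:A. M          (canonical)
@dataclass(frozen=True)
class App: fun: object; arg: object                    # M N              (atomic)
@dataclass(frozen=True)
class Ex: name: str; ty: object; args: Tuple[str, ...] # E_A x1 ... xn    (canonical)

# Image of the embedding: labelled terms of the strict calculus.
@dataclass(frozen=True)
class LLam: x: str; label: str; ty: object; body: object
@dataclass(frozen=True)
class LApp: fun: object; arg: object; label: str
@dataclass(frozen=True)
class LEx: name: str; ty: object; args: Tuple[Tuple[str, str], ...]

def tpos(a):
    """(A -> B)^+ = A^- ->^1 B^+ ;  a^+ = a"""
    return a if isinstance(a, str) else ("->", tneg(a[1]), "1", tpos(a[2]))

def tneg(a):
    """(A -> B)^- = A^+ ->^u B^- ;  a^- = a"""
    return a if isinstance(a, str) else ("->", tpos(a[1]), "u", tneg(a[2]))

def neg(m):
    """( )^- on canonical terms."""
    if isinstance(m, Lam):
        return LLam(m.x, "u", tpos(m.ty), neg(m.body))
    if isinstance(m, Ex):
        return LEx(m.name, tneg(m.ty), tuple((x, "u") for x in m.args))
    return pos(m)                       # M of base type: M^- = M^+

def pos(m):
    """( )^+ on atomic terms: (M N)^+ = M^+ (N^-)^1, x^+ = x, c^+ = c."""
    if isinstance(m, App):
        return LApp(pos(m.fun), neg(m.arg), "1")
    return m

def show_ty(a):
    return a if isinstance(a, str) else f"({show_ty(a[1])} ->^{a[2]} {show_ty(a[3])})"

def show(m):
    """Printer for labelled terms, in the notation of Example 5.3."""
    if isinstance(m, (Var, Con)):
        return m.name
    if isinstance(m, LLam):
        return f"(\\{m.x}^{m.label}:{show_ty(m.ty)}. {show(m.body)})"
    if isinstance(m, LApp):
        return f"{show(m.fun)} {show(m.arg)}^{m.label}"
    return m.name + "".join(f" {x}^{k}" for x, k in m.args)

# Constructed sample (Example 5.2): K = lam (\x:exp. lam (\y:exp. x)), an atomic term.
EXP = "exp"
K = App(Con("lam"), Lam("x", EXP, App(Con("lam"), Lam("y", EXP, Var("x")))))
LAM_TYPE = ("->", ("->", EXP, EXP), EXP)          # lam : (exp -> exp) -> exp

if __name__ == "__main__":
    print(show(pos(K)))                # lam (\x^u:exp. lam (\y^u:exp. x)^1)^1
    print(show_ty(tpos(LAM_TYPE)))     # ((exp ->^u exp) ->^1 exp)
```

`show(pos(K))` reproduces the translation displayed in Example 5.3, and `tpos(LAM_TYPE)` yields $(\mathit{exp} \to^{u} \mathit{exp}) \to^{1} \mathit{exp}$: the outer (positive) arrow becomes strict, the inner (negative) one undetermined.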

We can now prove the crucial tightening lemma. It expresses the property that every simple term with no existential variables is either strict or vacuous in a given undetermined variable.

Lemma 5.5 Tightening. Let $M$ be a simple term of type $A$ with no existential variables.

(1) If $(\Gamma, x{:}C); \Omega; \Delta \vdash M \downarrow A$ then either $\Gamma; \Omega; (\Delta, x{:}C) \vdash M \downarrow A$ or $\Gamma; (\Omega, x{:}C); \Delta \vdash M \downarrow A$.

(2) If $(\Gamma, x{:}C); \Omega; \Delta \vdash M \Uparrow A$ then either $\Gamma; \Omega; (\Delta, x{:}C) \vdash M \Uparrow A$ or $\Gamma; (\Omega, x{:}C); \Delta \vdash M \Uparrow A$.

Proof. By mutual induction on $\mathcal{D}_1 :: (\Gamma, x{:}C); \Omega; \Delta \vdash M \downarrow A$ and $\mathcal{D}_2 :: (\Gamma, x{:}C); \Omega; \Delta \vdash M \Uparrow A$. We show only one case.

Case.
$$\mathcal{D}_1 = \dfrac{(\Gamma, x{:}C, \Delta_N); \Omega; \Delta_M \vdash M \downarrow A \to^{1} B \qquad (\Gamma, x{:}C, \Delta_M); \Omega; \Delta_N \vdash N \Uparrow A}{(\Gamma, x{:}C); \Omega; (\Delta_M, \Delta_N) \vdash M\,N^{1} \downarrow B}\ \mathrm{c}{\to}\mathrm{E}$$

There are four sub-cases, stemming from the two possibilities each for the two subderivations.

(1)
$(\Gamma, \Delta_N); \Omega; (\Delta_M, x{:}C) \vdash M \downarrow A \to^{1} B$    Subcase of i.h.
$(\Gamma, \Delta_M); \Omega; (\Delta_N, x{:}C) \vdash N \Uparrow A$    Subcase of i.h.
$(\Gamma, \Delta_M, x{:}C); \Omega; \Delta_N \vdash N \Uparrow A$    By Loosening$^{1}$ on $x$
$\Gamma; \Omega; (\Delta_M, x{:}C, \Delta_N) \vdash M\,N^{1} \downarrow B$    By rule c→E

(2)
$(\Gamma, \Delta_N); (\Omega, x{:}C); \Delta_M \vdash M \downarrow A \to^{1} B$    Subcase of i.h.
$(\Gamma, \Delta_M); (\Omega, x{:}C); \Delta_N \vdash N \Uparrow A$    Subcase of i.h.
$\Gamma; (\Omega, x{:}C); (\Delta_M, \Delta_N) \vdash M\,N^{1} \downarrow B$    By rule c→E

(3)
$(\Gamma, \Delta_N); \Omega; (\Delta_M, x{:}C) \vdash M \downarrow A \to^{1} B$    Subcase of i.h.
$(\Gamma, \Delta_M); (\Omega, x{:}C); \Delta_N \vdash N \Uparrow A$    Subcase of i.h.
$(\Gamma, \Delta_M, x{:}C); \Omega; \Delta_N \vdash N \Uparrow A$    By Loosening$^{0}$ on $x$
$\Gamma; \Omega; (\Delta_M, x{:}C, \Delta_N) \vdash M\,N^{1} \downarrow B$    By rule c→E

(4) Symmetrical to (3).

□

We remark that tightening fails to hold once we allow unrestricted function types in a negative position. For example, $(y{:}A \to B, x{:}A); \cdot; \cdot \vdash y\,x^{u} : B$, but neither $y{:}A \to B; \cdot; x{:}A \vdash y\,x^{u} : B$ nor $y{:}A \to B; x{:}A; \cdot \vdash y\,x^{u} : B$ holds.

We also have the following related property.

Lemma 5.6 Irrelevance. Let $M$ be a simple term without existential variables.

(1) If $\Gamma; (\Omega, x{:}C); \Delta \vdash M \Uparrow A$, then $\Gamma; \Omega; \Delta \vdash M \Uparrow A$.
(2) If $\Gamma; (\Omega, x{:}C); \Delta \vdash M \downarrow A$, then $\Gamma; \Omega; \Delta \vdash M \downarrow A$.

Proof. By mutual induction on the given derivations. □

Note that irrelevance holds for any strict canonical term, but it is false for terms containing redices. For example, for $c{:}B$ we have $\cdot; x{:}A; \cdot \vdash (\lambda y^{0}{:}A.\,c)\,x^{0} : B$, but $\cdot; \cdot; \cdot \nvdash (\lambda y^{0}{:}A.\,c)\,x^{0} : B$.

For simple terms it is often more convenient to replace explicit reference to atomic forms by an $n$-ary version of c→E. This can easily be seen to cover all atomic forms for simple terms, where the head $h$ can be a variable $x$ or a constant $c$.

$$\dfrac{\Psi \vdash h : A_1 \to^{1} \cdots \to^{1} A_n \to^{1} a \qquad \Psi \vdash N_1 \Uparrow A_1 \quad \cdots \quad \Psi \vdash N_n \Uparrow A_n}{\Psi \vdash h\,N_1^{1} \ldots N_n^{1} \downarrow a}$$

$$\dfrac{\Gamma; \Omega; \Delta \vdash \Phi\ \mathrm{ok} \qquad \Gamma; \Omega; \Delta \vdash M : a}{\Psi \vdash M \in \|E_A\,\Phi\| : a}\ \mathrm{grFlx}$$

$$\dfrac{\Psi, x{:}A \vdash M \in \|N\| : B}{\Psi \vdash \lambda x^{u}{:}A.\,M \in \|\lambda x^{u}{:}A.\,N\| : A \to B}\ \mathrm{grLam}$$

$$\dfrac{\Psi \vdash h : A_1 \to^{1} \cdots \to^{1} A_n \to^{1} a \qquad \Psi \vdash M_1 \in \|N_1\| : A_1 \quad \cdots \quad \Psi \vdash M_n \in \|N_n\| : A_n}{\Psi \vdash h\,M_1^{1} \ldots M_n^{1} \in \|h\,N_1^{1} \ldots N_n^{1}\| : a}\ \mathrm{grApp}$$

Fig. 6. Ground instance: $\Psi \vdash M \in \|N\| : A$

We can simplify the presentation of the algorithms for complement and later unification if we require any existential variable to be applied to every bound variable in its declaration context. This is possible for any simple linear pattern without changing the set of its ground instances. We just insert vacuous applications, which guarantee that the extra variables are not used.

In a slight abuse of notation we call the resulting patterns fully applied. This transformation is entirely straightforward and its correctness is easily established using Irrelevance (Lemma 5.6). We omit the formal details here, showing only an example.

Example 5.7. Recall the simple pattern that encodes an object-level η-redex from Example 2.2,

$\mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,\mathit{app}\,E\,x)$.

It is not fully applied, since $E$ is not applied to $x$. This is crucial, since $E$ is not allowed to depend on the bound variable $x$. In its fully applied form

$\mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,\mathit{app}\,(E'\,x^{0})\,x)$,

this occurrence condition is encoded by an irrelevant application of a fresh existential variable $E'$ of type $\mathit{exp} \to \mathit{exp}$ to $x$. According to Lemma 5.6, this means that $x$ cannot occur in the canonical form of $E'\,x^{0}$ for any instance of $E'$.

In the remainder of this paper we will assume that all existential variables are fully applied as defined above. We refer to a pattern $E\,x_1^{k_1} \ldots x_n^{k_n}$ as a generalized variable. Furthermore, we always sort the variables $x_1 \ldots x_n$ so that they come in some standard order; this simplifies the description of some of the algorithms on fully applied patterns. Following standard terminology we call atomic terms whose head is a bound variable or a parameter rigid, while terms whose head is an existential variable are called flexible.

Under these assumptions we can more formally specify the interpretation of terms with existential variables. We use $\Phi$ for sequences of distinct, labelled bound variables; if $x^{k} \in \Phi$, we set $\Phi(x) = k$. We say that $\Gamma; \Omega; \Delta \vdash \Phi\ \mathrm{ok}$ if the following holds:

$\Phi(x) = u \iff x \in \mathrm{dom}(\Gamma)$
$\Phi(x) = 0 \iff x \in \mathrm{dom}(\Omega)$
$\Phi(x) = 1 \iff x \in \mathrm{dom}(\Delta)$

Note that $\Phi$ determines $\Gamma; \Omega; \Delta$ and vice versa whenever $\Gamma; \Omega; \Delta \vdash \Phi\ \mathrm{ok}$.

Recall that every pattern can be seen as the intensional representation of the set of its instances with respect to a fixed signature $\Sigma$ and a set of parameters declared in a context $\Psi$. The judgment in Figure 6, $\Psi \vdash M \in \|N\| : A$, formalizes the conditions for $M$ canonical of type $A$ to be a ground instance of a simple linear pattern $N$ at type $A$.

Remark 5.8. Note that $\Psi \vdash M \in \|E_A\,\Phi\| : a$ means that $M$ is indeed a ground instance of $E_A\,\Phi$. Conversely, if $\Phi = x_1^{k_1} \ldots x_n^{k_n}$ and $A = A_1 \to \cdots \to A_n \to a$, then we set $E_A = \lambda x_1^{k_1}{:}A_1 \ldots \lambda x_n^{k_n}{:}A_n.\,M$.

$$\dfrac{\mathrm{Not}_i(\Phi)\ \text{defined}}{\Psi \vdash \mathrm{Not}(E\,\Phi) \Rightarrow Z\,\mathrm{Not}_i(\Phi) : a}\ \mathrm{NotFlx}^{i}$$

$$\dfrac{\Psi, x{:}A \vdash \mathrm{Not}(M) \Rightarrow N : B}{\Psi \vdash \mathrm{Not}(\lambda x^{u}{:}A.\,M) \Rightarrow \lambda x^{u}{:}A.\,N : A \to B}\ \mathrm{NotLam}$$

$$\dfrac{g \in \mathrm{dom}(\Sigma \cup \Psi) \qquad g : A_1 \to^{1} \cdots \to^{1} A_m \to^{1} a \qquad h \neq g}{\Psi \vdash \mathrm{Not}(h\,M_1^{1} \ldots M_n^{1}) \Rightarrow g\,(Z_1\,\Psi^{u})^{1} \ldots (Z_m\,\Psi^{u})^{1} : a}\ \mathrm{NotApp}_1$$

$$\dfrac{\Psi \vdash \mathrm{Not}(M_i) \Rightarrow N : A_i}{\Psi \vdash \mathrm{Not}(h\,M_1^{1} \ldots M_n^{1}) \Rightarrow h\,(Z_1\,\Psi^{u})^{1} \ldots (Z_{i-1}\,\Psi^{u})^{1}\,N^{1}\,(Z_{i+1}\,\Psi^{u})^{1} \ldots (Z_n\,\Psi^{u})^{1} : a}\ \mathrm{NotApp}_2^{i}$$

Fig. 7. Complement algorithm: $\Psi \vdash \mathrm{Not}(M) \Rightarrow N : A$

6. THE COMPLEMENT ALGORITHM

The idea of complementation for atomic terms and abstractions is quite simple and similar to the first-order case. For generalized variables we consider each argument in turn. If an argument variable is undetermined it does not contribute to the negation. If an argument variable is strict, then any term where this variable does not occur contributes to the negation. We therefore complement the corresponding label from 1 to 0 while all other arguments are undetermined. For vacuous argument variables we proceed dually.

In preparation for the rules, we observe that the complement operation on patterns behaves on labels like negation does on truth-values in Kleene's three-valued logic, in the sense of the following table:

$\mathrm{Not}(1) = 0 \qquad \mathrm{Not}(0) = 1 \qquad \mathrm{Not}(u) = u$

We extend this definition to sequences of variables as they are used to codify occurrence constraints for existential variables.

$\mathrm{Not}_i(x_1^{k_1} \ldots x_{i-1}^{k_{i-1}}\,x_i^{d}\,x_{i+1}^{k_{i+1}} \ldots x_n^{k_n}) = x_1^{u} \ldots x_{i-1}^{u}\,x_i^{\mathrm{Not}(d)}\,x_{i+1}^{u} \ldots x_n^{u}$

Note that we require $x_i$ to be determined ($d \in \{0, 1\}$) for $\mathrm{Not}_i$ to be defined, and that the variables $x_j$ for $j \neq i$ are all unrestricted on the right-hand side even though their status on the left-hand side varies.

Definition 6.1 Higher-Order Pattern Complement. For a linear simple pattern $M$ such that $\Psi \vdash M \Uparrow A$, define $\Psi \vdash \mathrm{Not}(M) \Rightarrow N : A$ by the rules in Figure 7, where the $Z$'s are fresh logic variables of appropriate type, $h \in \mathrm{dom}(\Sigma \cup \Psi)$ and $\Psi \vdash h : A_1 \to^{1} \cdots \to^{1} A_n \to^{1} a$. We write $Z$ as an abbreviation for $Z\,\Phi$ where $\Psi; \cdot; \cdot \vdash \Phi\ \mathrm{ok}$.

Note that a given $M$ may be related to several patterns $N$, all of which belong to the complement of $M$. We therefore define $\Psi \vdash \mathrm{Not}(M) = \mathcal{N} : A$ if $\mathcal{N} = \{N \mid \Psi \vdash \mathrm{Not}(M) \Rightarrow N : A\}$.

We may drop the type information from the above judgment in examples and proofs; we will write $\Psi \vdash M \in \|\mathrm{Not}(N)\| : A$ when $\Psi \vdash \mathrm{Not}(N) = \mathcal{N}$ and $\Psi \vdash M \in \|\mathcal{N}\| : A$.



Example 6.2. Consider the following complement problems.

$x{:}a, y{:}a \vdash \mathrm{Not}(E\,x^{u}\,y^{1}) = \{F\,x^{u}\,y^{0}\}$
$x{:}a, y{:}a \vdash \mathrm{Not}(E\,x^{1}\,y^{1}) = \{F\,x^{0}\,y^{u},\ G\,x^{u}\,y^{0}\}$    (1)

It is worthwhile to observe that the members of a complement set are not mutually disjoint, due to the indeterminacy of $u$. We can achieve exclusive patterns if we resolve this indeterminacy by considering for every $x^{u}$ the two possibilities $x^{1}, x^{0}$. Thus, for example, the right-hand side of equation (1) can be rewritten as

$\{F\,x^{0}\,y^{1},\ G\,x^{1}\,y^{0},\ H\,x^{0}\,y^{0}\}$.

It is clear that in the worst case scenario the number of patterns in a complement set is bounded by $2^{n}$; hence the usefulness of this further step needs to be pragmatically determined.

We can now revisit the example of an η-redex in the untyped λ-calculus. To avoid too many indices on existential variables, we adopt the convention that the scope of existential variables is limited to each member of a complement set.

Example 6.3. Reconsider Example 2.2. Then we calculate:

$\cdot \vdash \mathrm{Not}(\mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,\mathit{app}\,(E\,x^{0})\,x))$
$= \{\mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,\mathit{app}\,(Z\,x^{1})\,(Z'\,x^{u})),$
$\quad \mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,\mathit{app}\,(Z\,x^{u})\,(\mathit{app}\,(Z'\,x^{u})\,(Z''\,x^{u}))),$
$\quad \mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,\mathit{app}\,(Z\,x^{u})\,(\mathit{lam}\,(\lambda y^{u}{:}\mathit{exp}.\,Z'\,x^{u}\,y^{u}))),$
$\quad \mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,\mathit{lam}\,(\lambda y^{u}{:}\mathit{exp}.\,Z\,x^{u}\,y^{u})),$
$\quad \mathit{lam}\,(\lambda x^{u}{:}\mathit{exp}.\,x),$
$\quad \mathit{app}\,Z\,Z'\}$

We now address the correctness of the complement algorithm with respect to the 
set-theoretic semantics. The proof obligation consists in proving that the former 
does behave as a complement operation on sets of patterns, that is, it satisfies 
disjointness and exhaustivity. Disjointness is the property that a set and its com- 
plement share no element; exhaustivity states that every element is in the set or its 
complement. Termination is obvious as the algorithm is syntax-directed and only 
finitely branching. We start with disjointness between a pattern and its comple- 
ment. 

Lemma 6.4 Disjointness of Complementation.
Let $\Psi \vdash N \Uparrow A$ be a simple linear pattern. Then for every $Q$ such that $\Psi \vdash \mathrm{Not}(N) \Rightarrow Q : A$, it is not the case that both $\Psi \vdash M \in \|N\| : A$ and $\Psi \vdash M \in \|Q\| : A$.

Proof. By induction on the structure of $\mathcal{D} :: \Psi \vdash \mathrm{Not}(N) \Rightarrow Q : A$.

Case. $\mathcal{D}$ ends in $\mathrm{NotFlx}^{i}$.
$\Psi \vdash M \in \|E\,\Phi\| : a$    Assumption
$\Psi \vdash M \in \|Z\,\mathrm{Not}_i(\Phi)\| : a$    Assumption
$\Phi(x_i) = 1$ or $\Phi(x_i) = 0$    Since $\mathrm{Not}_i(\Phi)$ is defined

Subcase. $\Phi(x_i) = 1$.
$\Gamma; \Omega; (\Delta, x_i{:}A) \vdash M : a$    By inversion on $M \in \|E\,\Phi\|$
$(\Gamma, \Omega, \Delta); x_i{:}A; \cdot \vdash M : a$    By inversion on $M \in \|Z\,\mathrm{Not}_i(\Phi)\|$
$\bot$    By exclusivity (Lemma 3.7)

Subcase. $\Phi(x_i) = 0$ is symmetrical.

Case. $\mathcal{D}$ ends in $\mathrm{NotApp}_1$.
$\Psi \vdash M \in \|h\,N_1^{1} \ldots N_n^{1}\| : a$    Assumption
$\Psi \vdash M \in \|g\,(Z_1\,\Psi^{u})^{1} \ldots (Z_m\,\Psi^{u})^{1}\| : a$    Assumption
$M = h\,M_1^{1} \ldots M_n^{1}$    By inversion on grApp
$M = g\,M'_1{}^{1} \ldots M'_m{}^{1}$    By inversion on grApp
$\bot$    Since $g \neq h$

Case. $\mathcal{D}$ ends in $\mathrm{NotApp}_2^{i}$.
$\Psi \vdash M \in \|h\,N_1^{1} \ldots N_n^{1}\| : a$    Assumption
$\Psi \vdash M \in \|h\,(Z_1\,\Psi^{u})^{1} \ldots Q_i^{1} \ldots (Z_n\,\Psi^{u})^{1}\| : a$    Assumption
$\Psi \vdash \mathrm{Not}(N_i) \Rightarrow Q_i : A_i$    Subderivation
$M = h\,M_1^{1} \ldots M_n^{1}$ and $\Psi \vdash M_i \in \|N_i\| : A_i$    By inversion
$\Psi \vdash M_i \in \|Q_i\| : A_i$    By inversion
$\bot$    By i.h.

Case. $\mathcal{D}$ ends in NotLam.
$\Psi \vdash \mathrm{Not}(\lambda x^{u}{:}A.\,N) \Rightarrow \lambda x^{u}{:}A.\,Q : A \to B$    This case
$\Psi, x{:}A \vdash \mathrm{Not}(N) \Rightarrow Q : B$    Subderivation
$\Psi \vdash \lambda x^{u}{:}A.\,M \in \|\lambda x^{u}{:}A.\,N\| : A \to B$    Assumption
$\Psi \vdash \lambda x^{u}{:}A.\,M \in \|\lambda x^{u}{:}A.\,Q\| : A \to B$    Assumption
$\Psi, x{:}A \vdash M \in \|N\| : B$    By inversion
$\Psi, x{:}A \vdash M \in \|Q\| : B$    By inversion
$\bot$    By i.h.

□

Note that disjointness is based on exclusivity (Lemma 3.7), which holds for any strict term; it does not require simple terms. Next, we turn to the other direction. First a lemma concerning the special case of generalized variables.

Lemma 6.5 Exhaustivity for Flexible Patterns.
For every closed $M$ such that $\Psi \vdash M \Uparrow a$, either $\Psi \vdash M \in \|E_A\,\Phi\| : a$ or $\Psi \vdash M \in \|Z\,\mathrm{Not}_i(\Phi)\| : a$ for some $i$.

Proof. Assume $\Psi \vdash M \Uparrow a$. Then by iterated applications of Lemma 5.5 there exist $\Omega$ and $\Delta$ such that $\Psi = \Omega, \Delta$ and $\cdot; \Omega; \Delta \vdash M \Uparrow a$.

Case. For every $x \in \mathrm{dom}(\Omega)$ we have $\Phi(x) \in \{0, u\}$ and for every $x \in \mathrm{dom}(\Delta)$ we have $\Phi(x) \in \{1, u\}$. Then $\Psi \vdash M \in \|E\,\Phi\|$.

Case. For some $x_i \in \mathrm{dom}(\Omega)$ we have $\Phi(x_i) = 1$. Then $\Psi \vdash M \in \|Z\,x_1^{u} \ldots x_{i-1}^{u}\,x_i^{0}\,x_{i+1}^{u} \ldots x_n^{u}\|$ and therefore $\Psi \vdash M \in \|Z\,\mathrm{Not}_i(\Phi)\|$.

Case. For some $x_i \in \mathrm{dom}(\Delta)$ we have $\Phi(x_i) = 0$. Then $\Psi \vdash M \in \|Z\,x_1^{u} \ldots x_{i-1}^{u}\,x_i^{1}\,x_{i+1}^{u} \ldots x_n^{u}\|$ and therefore $\Psi \vdash M \in \|Z\,\mathrm{Not}_i(\Phi)\|$.

□

We are now ready to prove exhaustivity of complementation.

Lemma 6.6 Exhaustivity of Complementation.
Assume $\Psi \vdash N \Uparrow A$ is a simple linear pattern. Then for every closed $M$ such that $\Psi \vdash M \Uparrow A$, either $\Psi \vdash M \in \|N\| : A$ or there is a $Q$ such that $\Psi \vdash \mathrm{Not}(N) \Rightarrow Q : A$ and $\Psi \vdash M \in \|Q\| : A$.

Proof. By induction on the structure of $\mathcal{D} :: \Psi \vdash N \Uparrow A$.

Case. $\mathcal{D}$ ends in cPat. Then the claim follows immediately by Lemma 6.5.

Case. $\mathcal{D}$ ends in c→I. The i.h. yields the two sub-cases.

Subcase. $\Psi, x{:}A \vdash M \in \|N\| : B$.
$\Psi \vdash \lambda x^{u}{:}A.\,M \in \|\lambda x^{u}{:}A.\,N\| : A \to B$    By rule grLam

Subcase. $\Psi, x{:}A \vdash \mathrm{Not}(N) \Rightarrow Q : B$ and $\Psi, x{:}A \vdash M \in \|Q\| : B$ for some $Q$.
$\Psi \vdash \mathrm{Not}(\lambda x^{u}{:}A.\,N) \Rightarrow \lambda x^{u}{:}A.\,Q : A \to B$    By rule NotLam
$\Psi \vdash \lambda x^{u}{:}A.\,M \in \|\lambda x^{u}{:}A.\,Q\| : A \to B$    By rule grLam

Case.
$$\mathcal{D} = \dfrac{\Psi \vdash h : A_1 \to^{1} \cdots \to^{1} A_n \to^{1} a \qquad \Psi \vdash N_1 \Uparrow A_1 \quad \cdots \quad \Psi \vdash N_n \Uparrow A_n}{\Psi \vdash h\,N_1^{1} \ldots N_n^{1} \Uparrow a}$$

First, assume $M = g\,M_1^{1} \ldots M_m^{1}$, for $g \in \mathrm{dom}(\Sigma \cup \Psi)$, $h \neq g$. Then
$\Psi \vdash \mathrm{Not}(h\,N_1^{1} \ldots N_n^{1}) \Rightarrow g\,(Z_1\,\Psi^{u})^{1} \ldots (Z_m\,\Psi^{u})^{1} : a$    By rule $\mathrm{NotApp}_1$
$\Psi \vdash M_i \in \|Z_i\,\Psi^{u}\| : A_i$ for all $1 \le i \le m$    By rule grFlx
$\Psi \vdash g\,M_1^{1} \ldots M_m^{1} \in \|g\,(Z_1\,\Psi^{u})^{1} \ldots (Z_m\,\Psi^{u})^{1}\| : a$    By rule grApp

Otherwise, assume $M = h\,M_1^{1} \ldots M_n^{1}$. Again, the i.h. yields two sub-cases.

Subcase. $\Psi \vdash M_i \in \|N_i\| : A_i$ for all $1 \le i \le n$.
$\Psi \vdash h\,M_1^{1} \ldots M_n^{1} \in \|h\,N_1^{1} \ldots N_n^{1}\| : a$    By rule grApp

Subcase. $\Psi \vdash \mathrm{Not}(N_i) \Rightarrow Q : A_i$ and $\Psi \vdash M_i \in \|Q\| : A_i$, for some $i$ and $Q$.
$\Psi \vdash M_j \in \|Z_j\,\Psi^{u}\| : A_j$ for all $j \neq i$, $1 \le j \le n$    By rule grFlx
$\Psi \vdash \mathrm{Not}(h\,N_1^{1} \ldots N_n^{1}) \Rightarrow h\,(Z_1\,\Psi^{u})^{1} \ldots Q^{1} \ldots (Z_n\,\Psi^{u})^{1} : a$    By rule $\mathrm{NotApp}_2^{i}$
$\Psi \vdash h\,M_1^{1} \ldots M_n^{1} \in \|h\,(Z_1\,\Psi^{u})^{1} \ldots Q^{1} \ldots (Z_n\,\Psi^{u})^{1}\| : a$    By rule grApp

□

The correctness of the algorithm for pattern complement follows directly from the preceding two lemmas.

Theorem 6.7 Correctness of Pattern Complement.
Assume $N$ is a simple linear pattern such that $\Psi \vdash N \Uparrow A$. Then for every closed $M$ with $\Psi \vdash M \Uparrow A$, $\Psi \vdash M \in \|\mathrm{Not}(N)\| : A$ iff $\Psi \nvdash M \in \|N\| : A$.

It is easy to see that simple linear patterns are closed under complementation.

Theorem 6.8 Closure under Complementation. Assume $M$ is a simple linear pattern with $\Psi \vdash M \Uparrow A$. Then $\Psi \vdash \mathrm{Not}(M) \Rightarrow N : A$ implies that $N$ is a simple linear pattern and $\Psi \vdash N \Uparrow A$.

Proof. By induction on the structure of the derivation of $\Psi \vdash \mathrm{Not}(M) \Rightarrow N : A$. □

7. UNIFICATION OF SIMPLE PATTERNS

As we observed earlier, we can solve a relative complement problem by pairing complementation with intersection. We therefore address the task of giving an algorithm for unification of linear simple patterns. We start by determining when two labels are compatible:

$1 \cap 1 = u \cap 1 = 1 \cap u = 1$
$0 \cap 0 = u \cap 0 = 0 \cap u = 0$
$u \cap u = u$

Recall that $\Phi$ is a list of labelled bound variables. We call $\Phi_1$ and $\Phi_2$ compatible if they contain the same variables in the same order, but with possibly different labels. We can extend the intersection operation to compatible lists.

$\cdot \cap \cdot = \cdot$
$(\Phi, x^{k}) \cap (\Phi', x^{k'}) = (\Phi \cap \Phi', x^{k \cap k'})$    if $k \cap k'$ is defined.

For contexts $\Gamma_1$ and $\Gamma_2$ that may have variable declarations in common, we write $\Gamma_1 \cap \Gamma_2$ and $\Gamma_1 \cup \Gamma_2$ for set-theoretic intersection and union. In both cases we assume that a variable $x$ declared in both $\Gamma_1$ and $\Gamma_2$ must be assigned the same type in both contexts.

Remark 7.1. Assume $\Phi_1$ and $\Phi_2$ are compatible and $\Phi_1 \cap \Phi_2$ is defined. Then $\Gamma_1; \Omega_1; \Delta_1 \vdash \Phi_1\ \mathrm{ok}$ and $\Gamma_2; \Omega_2; \Delta_2 \vdash \Phi_2\ \mathrm{ok}$ implies that $\Delta_1 \cap \Omega_2 = \Delta_2 \cap \Omega_1 = \emptyset$. Moreover, $(\Gamma_1 \cap \Gamma_2); (\Omega_1 \cup \Omega_2); (\Delta_1 \cup \Delta_2) \vdash (\Phi_1 \cap \Phi_2)\ \mathrm{ok}$. From that it follows that $\Psi \vdash M \in \|E_A\,(\Phi_1 \cap \Phi_2)\| : a$ iff $(\Gamma_1 \cap \Gamma_2); (\Omega_1 \cup \Omega_2); (\Delta_1 \cup \Delta_2) \vdash M : a$.

Definition 7.2 Higher-Order Pattern Intersection. Assume $M$ and $N$ are linear simple patterns without shared existential variables such that $\Psi \vdash M \Uparrow A$ and $\Psi \vdash N \Uparrow A$. We define $\Psi \vdash M \cap N \Rightarrow Q : A$ by the rules in Figure 8, where the $H$'s are fresh variables of appropriate type. We omit two rules, $\cap\mathrm{RF}^{c}$ and $\cap\mathrm{RF}^{y}$, that are symmetric to $\cap\mathrm{FR}^{c}$ and $\cap\mathrm{FR}^{y}$.

The rules $\cap\mathrm{FR}^{c}$ and $\cap\mathrm{RF}^{c}$ have the following proviso: for all $1 \le i \le n$, $\mathrm{dom}(\Phi_i) = \mathrm{dom}(\Phi)$ and

$\forall x.\ \Phi(x) = 0 \supset \forall i.\ \Phi_i(x) = 0$
$\forall x.\ \Phi(x) = u \supset \forall i.\ \Phi_i(x) = u$
$\forall x.\ \Phi(x) = 1 \supset \exists i.\ \Phi_i(x) = 1 \wedge \forall j.\ j \neq i \supset \Phi_j(x) = u$

The rules $\cap\mathrm{FR}^{y}$ and $\cap\mathrm{RF}^{y}$ are subject to the proviso:

$\forall x.\ \Phi(x) = 0 \supset \forall i.\ \Phi_i(x) = 0$
$\forall x.\ \Phi(x) = u \supset \forall i.\ \Phi_i(x) = u$
$\forall x.\ x \neq y \wedge \Phi(x) = 1 \supset \exists i.\ \Phi_i(x) = 1 \wedge \forall j.\ j \neq i \supset \Phi_j(x) = u$
$\Phi(y) = 1 \supset \forall i.\ \Phi_i(y) = u$

$$\dfrac{}{\Psi \vdash (E_1\,\Phi_1) \cap (E_2\,\Phi_2) \Rightarrow H\,(\Phi_1 \cap \Phi_2) : a}\ \cap\mathrm{FF}$$

(no rule for flex/flex with the same variable)

$$\dfrac{c \in \mathrm{dom}(\Sigma) \qquad \Psi \vdash (H_1\,\Phi_1) \cap M_1 \Rightarrow N_1 : A_1 \quad \cdots \quad \Psi \vdash (H_n\,\Phi_n) \cap M_n \Rightarrow N_n : A_n}{\Psi \vdash (E\,\Phi) \cap (c\,M_1^{1} \ldots M_n^{1}) \Rightarrow c\,N_1^{1} \ldots N_n^{1} : a}\ \cap\mathrm{FR}^{c}$$

$$\dfrac{y \in \mathrm{dom}(\Psi) \qquad \Psi \vdash (H_1\,\Phi_1) \cap M_1 \Rightarrow N_1 : A_1 \quad \cdots \quad \Psi \vdash (H_n\,\Phi_n) \cap M_n \Rightarrow N_n : A_n}{\Psi \vdash (E\,\Phi) \cap (y\,M_1^{1} \ldots M_n^{1}) \Rightarrow y\,N_1^{1} \ldots N_n^{1} : a}\ \cap\mathrm{FR}^{y}$$

$$\dfrac{h \in \mathrm{dom}(\Psi \cup \Sigma) \qquad \Psi \vdash M_1 \cap N_1 \Rightarrow Q_1 : A_1 \quad \cdots \quad \Psi \vdash M_n \cap N_n \Rightarrow Q_n : A_n}{\Psi \vdash (h\,M_1^{1} \ldots M_n^{1}) \cap (h\,N_1^{1} \ldots N_n^{1}) \Rightarrow h\,Q_1^{1} \ldots Q_n^{1} : a}\ \cap\mathrm{RR}$$

$$\dfrac{\Psi, x{:}A \vdash M \cap N \Rightarrow Q : B}{\Psi \vdash (\lambda x^{u}{:}A.\,M) \cap (\lambda x^{u}{:}A.\,N) \Rightarrow \lambda x^{u}{:}A.\,Q : A \to B}\ \cap\mathrm{L}$$

Fig. 8. Unification algorithm: $\Psi \vdash M \cap N \Rightarrow Q : A$

Finally define $\Psi \vdash M \cap N = \mathcal{Q} : A$ if $\mathcal{Q} = \{Q \mid \Psi \vdash M \cap N \Rightarrow Q : A\}$.

Some remarks are in order: 

— In rule $\cap$FF we can assume $\Phi_1$ and $\Phi_2$ are compatible lists of variables, since 
generalized variables are fully applied and their arguments are in a standard 
order. 

— Since patterns are linear and $M$ and $N$ share no pattern variables, the flex/flex 
case arises only with distinct variables. This also means we do not have to apply 
substitutions or perform the customary occurs-check. 

— In the flex/rigid and rigid/flex rules, the proviso enforces the typing discipline, 
since each strict variable $x$ must be strict in some premise. If instead $y$ is the 
projected variable, the modified condition on $y$ takes into account that the head 
of an application constitutes a strict occurrence; moreover, since $y$ did occur, it 
is set to $u$ in the rest of the computation, as there are no more requirements on 
that variable. 

— The symmetric rules take the place of an explicit exchange rule that is problematic 
with respect to termination. 

The following example illustrates how the flex/rigid rules, in this case $\cap$FR$^c$, 
make unification on simple patterns finitary. We describe a unification problem by 
omitting the eventually computed solution, as $\Psi \vdash M \cap N : A$. 

Example 7.3. Consider the unification problem 

$x{:}a \vdash E\,x^1 \cap c\,(F\,x^u)^1\,(F'\,x^u)^1 : a$ 

Since $x$ is strict in the left-hand side, there are two ways to apply the $\cap$FR$^c$ rule, 
leading to the following subproblems: 

1. $x{:}a \vdash E'\,x^1 \cap F\,x^u : a$ and $x{:}a \vdash E''\,x^u \cap F'\,x^u : a$ 

2. $x{:}a \vdash E'\,x^u \cap F\,x^u : a$ and $x{:}a \vdash E''\,x^1 \cap F'\,x^u : a$ 

Hence the result: 

$x{:}a \vdash E\,x^1 \cap c\,(F\,x^u)^1\,(F'\,x^u)^1 = \{c\,(H\,x^1)^1\,(H'\,x^u)^1,\ c\,(H\,x^u)^1\,(H'\,x^1)^1\} : a$ 

Note that, similarly to complementation, intersection returns a set of patterns 
with common terms; again it is possible, in a post-processing phase, to make the 
result exclusive. 

The following example illustrates the additional proviso on $\cap$FR$^y$. 

Example 7.4. The unification problem 

$y{:}a \to^1 a \to^1 a \vdash E\,y^0 \cap y\,(F\,y^1)^1\,(F'\,y^1)^1 : a$ 

has no solution, whereas 

$y{:}a \to^1 a \to^1 a \vdash E\,y^1 \cap y\,(F\,y^u)^1\,(F'\,y^u)^1 = \{y\,(H\,y^u)^1\,(H'\,y^u)^1\} : a$ 
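Examples 7.3 and 7.4 can be checked mechanically. The following Python program is an added example, not code from the paper: it encodes the labels, the intersection of compatible lists and the rules of Figure 8 ($\cap$FF, $\cap$FR$^c$ and $\cap$FR$^y$ with their symmetric versions, $\cap$RR and $\cap$L), with the proviso implemented as an enumeration of the admissible label distributions, which is exactly where the finitary branching of Example 7.3 comes from. The term representation, the names `Flex`, `Rigid`, `Lam`, `intersect`, `distribute` and `unify`, and the treatment of binders (assumed already renamed to the same name, with flex terms in $\eta$-long form so that a flex/abstraction case never arises) are my own choices.

```python
from dataclasses import dataclass
from itertools import count, product

def label_meet(k1, k2):
    """k1 ∩ k2 from Section 7: u is neutral, equal labels agree, 1 against 0 is undefined."""
    if k1 == "u":
        return k2
    if k2 == "u" or k1 == k2:
        return k1
    return None

@dataclass(frozen=True)
class Flex:       # generalized existential variable E Φ, with Φ = ((x, label), ...)
    name: str
    phi: tuple

@dataclass(frozen=True)
class Rigid:      # h M1^1 ... Mn^1 with h a constant or a bound variable (strict arguments)
    head: str
    args: tuple

@dataclass(frozen=True)
class Lam:        # λx^1:A. M (abstractions of simple terms are strict)
    var: str
    typ: str
    body: object

def phi_meet(phi1, phi2):
    """Φ1 ∩ Φ2 on compatible lists; None if incompatible or some label meet is undefined."""
    if len(phi1) != len(phi2):
        return None
    out = []
    for (x1, k1), (x2, k2) in zip(phi1, phi2):
        k = label_meet(k1, k2)
        if x1 != x2 or k is None:
            return None
        out.append((x1, k))
    return tuple(out)

def distribute(phi, head, n):
    """All (Φ_1, ..., Φ_n) admitted by the ∩FR proviso for E Φ against a head with n arguments."""
    per_var = []
    for x, k in phi:
        if k == "1" and x != head:
            # a strict x must be strict in exactly one argument and unrestricted elsewhere
            per_var.append([tuple("1" if j == i else "u" for j in range(n)) for i in range(n)])
        else:
            # 0 and u are inherited; a strict y that is the head is consumed there, so it becomes u
            per_var.append([tuple("u" if k == "1" else k for _ in range(n))])
    for combo in product(*per_var):
        yield tuple(tuple((x, combo[v][i]) for v, (x, _) in enumerate(phi)) for i in range(n))

def intersect(m, n, fresh):
    """Every Q with Ψ ⊢ M ∩ N ⇒ Q : A (Figure 8); [] means no unifier. fresh yields H names."""
    if isinstance(m, Flex) and isinstance(n, Flex):            # ∩FF
        phi = phi_meet(m.phi, n.phi)
        return [] if phi is None else [Flex(next(fresh), phi)]
    if isinstance(m, Rigid) and isinstance(n, Flex):           # the symmetric ∩RF rules
        m, n = n, m
    if isinstance(m, Flex) and isinstance(n, Rigid):           # ∩FR^c and ∩FR^y
        results = []
        for phis in distribute(m.phi, n.head, len(n.args)):
            subs = [intersect(Flex(next(fresh), p), a, fresh) for p, a in zip(phis, n.args)]
            results.extend(Rigid(n.head, qs) for qs in product(*subs))
        return results
    if isinstance(m, Rigid) and isinstance(n, Rigid):          # ∩RR: same head, argumentwise
        if m.head != n.head or len(m.args) != len(n.args):
            return []
        subs = [intersect(a, b, fresh) for a, b in zip(m.args, n.args)]
        return [Rigid(m.head, qs) for qs in product(*subs)]
    if isinstance(m, Lam) and isinstance(n, Lam):              # ∩L, binders assumed alpha-equal
        if m.var != n.var or m.typ != n.typ:
            return []
        return [Lam(m.var, m.typ, q) for q in intersect(m.body, n.body, fresh)]
    return []

def unify(m, n):
    """Ψ ⊢ M ∩ N = Q : A, the set of all results, with fresh variables H1, H2, ..."""
    return intersect(m, n, (f"H{i}" for i in count(1)))

def arg_labels(results):
    """For results h (H x^k)^1 (H' x^k')^1, the label pairs (k, k'), sorted."""
    return sorted(tuple(a.phi[0][1] for a in r.args) for r in results)

def example_7_3():
    # x:a ⊢ E x^1 ∩ c (F x^u)^1 (F' x^u)^1 : a
    return unify(Flex("E", (("x", "1"),)),
                 Rigid("c", (Flex("F", (("x", "u"),)), Flex("F'", (("x", "u"),)))))

def example_7_4(e_label, f_label):
    # y:a→a→a ⊢ E y^e ∩ y (F y^f)^1 (F' y^f)^1 : a, where the head y is a strict occurrence
    return unify(Flex("E", (("y", e_label),)),
                 Rigid("y", (Flex("F", (("y", f_label),)), Flex("F'", (("y", f_label),)))))

if __name__ == "__main__":
    print(arg_labels(example_7_3()))            # [('1', 'u'), ('u', '1')]
    print(example_7_4("0", "1"))                # [] : no solution
    print(arg_labels(example_7_4("1", "u")))    # [('u', 'u')]
```

Running the file gives the two unifiers of Example 7.3, which differ only in which argument carries the strict occurrence of $x$; the empty result for the first problem of Example 7.4, where the label $0$ inherited by every $\Phi_i$ cannot meet the label $1$ on the arguments; and the single unifier of the second problem, in which the strict head $y$ has been reset to $u$. A constant with no arguments, such as $E\,x^1 \cap c$, likewise yields no unifier because there is no argument in which $x$ could be strict.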

This first lemma will be needed to handle the case for unification of generalized 
variables. 

Lemma 7.5. Assume $\Phi_1$ and $\Phi_2$ are compatible and $\Phi_1 \cap \Phi_2$ is defined. Assume 
furthermore that $\Gamma_1; \Omega_1; \Delta_1 \vdash \Phi_1\ ok$ and $\Gamma_2; \Omega_2; \Delta_2 \vdash \Phi_2\ ok$. Then 
$\Gamma_1; \Omega_1; \Delta_1 \vdash M : A$ and $\Gamma_2; \Omega_2; \Delta_2 \vdash M : A$ iff $(\Gamma_1 \cap \Gamma_2); (\Omega_1 \cup \Omega_2); (\Delta_1 \cup \Delta_2) \vdash M : A$. 

Proof. From left to right by induction on the size of $(\Gamma_1 \cup \Gamma_2) \setminus (\Gamma_1 \cap \Gamma_2)$, using 
tightening (Lemma 5.5). From right to left by appropriate appeals to loosening 
(Lemma 3.3). □ 

We introduce two n-ary strict application rules which, for the special case of 
simple terms, capture the notion of atomic forms more compactly than the previous 
definition. The rules differ only in whether the head $h$ of the atomic term is a strict 
variable or unrestricted. These will be needed in the proofs of Lemma 7.6 and 
Lemma 7.7. 

    $(\Gamma, \Delta_i^u); \Omega; \Delta_i^1 \vdash M_i : A_i$ for $1 \le i \le n$ 
    ------------------------------------------------------------ $\to$E$^u$ 
    $\Gamma; \Omega; \Delta \vdash h\,M_1^1 \ldots M_n^1 : b$ 

where $h : A_1 \to^1 \ldots \to^1 A_n \to^1 b \in dom(\Gamma \cup \Sigma)$ and 

(1) $\forall x \in dom(\Delta).\ \exists! i : 1 \le i \le n.\ x \in dom(\Delta_i^1)$. 

(2) $\forall i : 1 \le i \le n.\ (\Delta_i^u, \Delta_i^1) = \Delta$. 

    $(\Gamma, \Delta_i^u); \Omega; \Delta_i^1 \vdash M_i : A_i$ for $1 \le i \le n$ 
    ------------------------------------------------------------ $\to$E$^1$ 
    $\Gamma; \Omega; \Delta \vdash y\,M_1^1 \ldots M_n^1 : b$ 

where $y : A_1 \to^1 \ldots \to^1 A_n \to^1 b \in dom(\Delta)$ and 

(1) $\forall x \in dom(\Delta), x \ne y.\ \exists! i : 1 \le i \le n.\ x \in dom(\Delta_i^1)$. 

(2) $\forall i : 1 \le i \le n.\ (\Delta_i^u, \Delta_i^1) = \Delta$. 

(3) $\forall i : 1 \le i \le n.\ y \in dom(\Delta_i^u)$. 

It is straightforward, but tedious, to show that these rules can replace the rules 
for atomic terms. The curious reader is invited to consult [Momigliano 2000a] for 
details. 

We are now ready to address correctness of unification. First we show that our 
algorithm only computes unifiers, then that the set of unifiers we compute is most 
general. 

Lemma 7.6 (Intersection Computes Unifiers). For any simple linear patterns 
$N_1$ and $N_2$ without shared variables such that $\Psi \vdash N_1 \Uparrow A$ and $\Psi \vdash N_2 \Uparrow A$, for 
every $N$ such that $\Psi \vdash N_1 \cap N_2 \Rightarrow N : A$, if $\Psi \vdash M \in \|N\| : A$, then $\Psi \vdash M \in \|N_1\| : A$ 
and $\Psi \vdash M \in \|N_2\| : A$. 

Proof. By induction on the structure of $\mathcal{U} :: \Psi \vdash N_1 \cap N_2 \Rightarrow N : A$ and inversion on 
$\mathcal{D} :: \Psi \vdash M \in \|N\| : A$. We show only some of the cases; the others are analogous. 

Case. $\mathcal{U}$ ends in $\cap$FF: 

$\Psi \vdash (E_1\,\Phi_1) \cap (E_2\,\Phi_2) \Rightarrow H\,(\Phi_1 \cap \Phi_2) : a$    Assumption 
$\Psi \vdash M \in \|H\,(\Phi_1 \cap \Phi_2)\| : a$    Assumption 
$\Gamma_i; \Omega_i; \Delta_i \vdash \Phi_i\ ok$ for $i = 1, 2$, for some $\Gamma_i, \Omega_i, \Delta_i$    Determined from $\Phi_i$ 
$(\Gamma_1 \cap \Gamma_2); (\Omega_1 \cup \Omega_2); (\Delta_1 \cup \Delta_2) \vdash \Phi_1 \cap \Phi_2\ ok$    By Remark 7.1 
$\Gamma_i; \Omega_i; \Delta_i \vdash M : a$    By Lemma 7.5 ($\Leftarrow$) 
$\Psi \vdash M \in \|N_i\| : a$    By rule grFlx 

Case. $\mathcal{U}$ ends in $\cap$FR$^c$: 

$\mathcal{U} :: \Psi \vdash (E\,\Phi) \cap (c\,Q_1^1 \ldots Q_n^1) \Rightarrow c\,N_1^1 \ldots N_n^1 : a$    Assumption 
$\mathcal{U}_i :: \Psi \vdash (E_i\,\Phi_i) \cap Q_i \Rightarrow N_i : A_i$, for all $1 \le i \le n$    Subderivations 
$\Psi \vdash c\,M_1^1 \ldots M_n^1 \in \|c\,N_1^1 \ldots N_n^1\| : a$    Assumption 
$\Psi \vdash M_i \in \|N_i\| : A_i$    By inversion 
$\Psi \vdash M_i \in \|Q_i\| : A_i$ and $\Psi \vdash M_i \in \|E_i\,\Phi_i\| : A_i$    By i.h. on $\mathcal{U}_i$ 
$(\Gamma, \Delta_i^u); \Omega; \Delta_i^1 \vdash \Phi_i\ ok$ and $(\Gamma, \Delta_i^u); \Omega; \Delta_i^1 \vdash M_i : A_i$    By rule grFlx 
$\Gamma; \Omega; \Delta \vdash c\,M_1^1 \ldots M_n^1 : a$    By rule $\to$E$^u$ 
$\Psi \vdash c\,M_1^1 \ldots M_n^1 \in \|E\,\Phi\| : a$    By rule grFlx 
$\Psi \vdash c\,M_1^1 \ldots M_n^1 \in \|c\,Q_1^1 \ldots Q_n^1\| : a$    By rule grApp 

□ 

The second part consists of showing that any unifier of two patterns is an instance 
of an element from the computed set of unifiers. 

Lemma 7.7 (Intersections are Most General). For any simple linear patterns 
$N_1$ and $N_2$ without shared variables such that $\Psi \vdash N_1 \Uparrow A$ and $\Psi \vdash N_2 \Uparrow A$, 
if $\Psi \vdash M \in \|N_1\| : A$ and $\Psi \vdash M \in \|N_2\| : A$, then there is $N$ such that 
$\Psi \vdash N_1 \cap N_2 \Rightarrow N : A$ and $\Psi \vdash M \in \|N\| : A$. 

Proof. By simultaneous induction on the structure of $\mathcal{D}_1 :: \Psi \vdash M \in \|N_1\| : A$ 
and $\mathcal{D}_2 :: \Psi \vdash M \in \|N_2\| : A$. 

Case. $\mathcal{D}_1, \mathcal{D}_2$ end in grFlx: 

$\Gamma_i; \Omega_i; \Delta_i \vdash \Phi_i\ ok$ and $\Gamma_i; \Omega_i; \Delta_i \vdash M : a$ for $i = 1, 2$    Subderivations 
$\Phi_1 \cap \Phi_2$ is defined    By exclusivity (Lemma 3.7) 
$\Psi \vdash (E_1\,\Phi_1) \cap (E_2\,\Phi_2) \Rightarrow H\,(\Phi_1 \cap \Phi_2) : a$    By rule $\cap$FF 
$(\Gamma_1 \cap \Gamma_2); (\Omega_1 \cup \Omega_2); (\Delta_1 \cup \Delta_2) \vdash M : a$    By Lemma 7.5 ($\Rightarrow$) 
$(\Gamma_1 \cap \Gamma_2); (\Omega_1 \cup \Omega_2); (\Delta_1 \cup \Delta_2) \vdash \Phi_1 \cap \Phi_2\ ok$    By Remark 7.1 
$\Psi \vdash M \in \|H\,(\Phi_1 \cap \Phi_2)\| : a$    By rule grFlx 

Case. $\mathcal{D}_1$ ends in grFlx and $\mathcal{D}_2$ ends in grApp: there are two cases depending 
on whether the head of $N_2$ is a constant or a parameter. 

Subcase. The head of $N_2$ is a constant $c$. 

$\Psi \vdash M \in \|c\,Q_1^1 \ldots Q_n^1\| : a$    Assumption 
$M = c\,M_1^1 \ldots M_n^1$ and $\mathcal{D}_2^i :: \Psi \vdash M_i \in \|Q_i\| : A_i$ for all $1 \le i \le n$    Subderivations 
$\Psi \vdash c\,M_1^1 \ldots M_n^1 \in \|E\,\Phi\| : a$    Assumption 
$\Gamma; \Omega; \Delta \vdash c\,M_1^1 \ldots M_n^1 : a$ and $\Gamma; \Omega; \Delta \vdash \Phi\ ok$    By inversion on rule grFlx 
$(\Gamma, \Delta_i^u); \Omega; \Delta_i^1 \vdash M_i : A_i$ for some $\Delta_i^u, \Delta_i^1$ satisfying (1) and (2)    By inversion on rule $\to$E$^u$ 
$\mathcal{D}_1^i :: \Psi \vdash M_i \in \|E_i\,\Phi_i\| : A_i$ for $\Phi_i$ such that $(\Gamma, \Delta_i^u); \Omega; \Delta_i^1 \vdash \Phi_i\ ok$    By rule grFlx 
$\mathcal{U}_i :: \Psi \vdash (E_i\,\Phi_i) \cap Q_i \Rightarrow N_i : A_i$ and $\Psi \vdash M_i \in \|N_i\| : A_i$    By i.h. on $\mathcal{D}_1^i, \mathcal{D}_2^i$ 
$\mathcal{U} :: \Psi \vdash (E\,\Phi) \cap (c\,Q_1^1 \ldots Q_n^1) \Rightarrow c\,N_1^1 \ldots N_n^1 : a$    By rule $\cap$FR$^c$ 
$\Psi \vdash c\,M_1^1 \ldots M_n^1 \in \|c\,N_1^1 \ldots N_n^1\| : a$    By rule grApp 

Subcase. The head of $N_2$ is a parameter: proceed as above, but using inversion on rule $\to$E$^1$. 

Case. $\mathcal{D}_2$ ends in grFlx and $\mathcal{D}_1$ ends in grApp: symmetrical to the above. 

Case. $\mathcal{D}_1, \mathcal{D}_2$ end in grLam: straightforward by induction hypothesis. 

Case. $\mathcal{D}_1, \mathcal{D}_2$ end in grApp: a straightforward appeal to the induction hypothesis 
as in the above case. □ 

The correctness of the algorithm for pattern intersection follows directly from 
the preceding two lemmas. 

Theorem 7.8 (Correctness of Pattern Intersection). 
Assume $N_1$ and $N_2$ are simple linear patterns without shared variables such that 
$\Psi \vdash N_1 \Uparrow A$ and $\Psi \vdash N_2 \Uparrow A$. Then $\Psi \vdash M \in \|N_1\| : A$ and $\Psi \vdash M \in \|N_2\| : A$ iff 
$\Psi \vdash M \in \|N_1 \cap N_2\| : A$. 

Also note that the intersection of linear simple patterns is again a simple linear 
pattern. 

Theorem 7.9 (Closure under Intersection). Assume $M$ and $N$ are simple 
linear patterns with $\Psi \vdash M \Uparrow A$ and $\Psi \vdash N \Uparrow A$. Then $\Psi \vdash M \cap N \Rightarrow Q : A$ 
implies that $Q$ is a simple linear pattern and $\Psi \vdash Q \Uparrow A$. 

Proof. By induction on the structure of the derivation of $\Psi \vdash M \cap N \Rightarrow Q : A$. □ 
8. THE ALGEBRA OF LINEAR SIMPLE PATTERNS 

An interesting and natural question is whether complementation is involutive. The 
answer is of course positive, since the latter is a boolean property and the comple- 
ment operation has been shown to satisfy "tertium non datur" and the principle of 
non-contradiction. However, the reader should keep in mind that the representation 
of the set $Not(Not(N))$ may be different from $\{N\}$, even though the two sets are 
guaranteed to have the same set of ground instances. Since on finite sets of patterns 
we also have intersection and set-theoretic union, we obtain a boolean algebra. For 
the sake of readability, we introduce the following notation: $Pat_A(\Psi)$ denotes the 
finite sets of linear simple patterns $M$ with $\Psi \vdash M : A$. In the following, we also 
drop the type information and overload the singleton pattern notation. 

Definition 8.1. For $\mathcal{M}, \mathcal{N} \in Pat_A(\Psi)$, define: 

$\mathcal{M} \cap \mathcal{N} = \bigcup_{M \in \mathcal{M},\, N \in \mathcal{N}} M \cap N$ 

$Not(\mathcal{M}) = \bigcap_{M \in \mathcal{M}} Not(M)$ 

Those operations on sets of patterns satisfy the same properties that singleton 
intersection and complementation do. 

Corollary 8.2 (Correctness of Set Intersection). 
For $\mathcal{N}_1, \mathcal{N}_2 \in Pat_A(\Psi)$, $\Psi \vdash M \in \|\mathcal{N}_1\| : A$ and $\Psi \vdash M \in \|\mathcal{N}_2\| : A$ iff 
$\Psi \vdash M \in \|\mathcal{N}_1 \cap \mathcal{N}_2\| : A$. 

Corollary 8.3 (Correctness of Set Complement). 
For $\mathcal{N} \in Pat_A(\Psi)$, $\Psi \vdash M \in \|Not(\mathcal{N})\| : A$ iff $\Psi \nvdash M \in \|\mathcal{N}\| : A$. 

As we have remarked earlier, we can define the relative complement operation by 
using complement and intersection. Its correctness follows immediately from the 
correctness of pattern set intersection and complement. 

Definition 8.4 (Relative Complement). 
Given $\mathcal{M}, \mathcal{N} \in Pat_A(\Psi)$, we define $\mathcal{M} - \mathcal{N} = \mathcal{M} \cap Not(\mathcal{N})$. 

The properties above mean that we can organize, for a given signature $\Sigma$, context 
$\Psi$, and type $A$, finite sets of simple linear patterns into a Boolean algebra by taking 
equality as extensional identity on sets of terms without existential variables. In 
symbols, for $\mathcal{N}_1, \mathcal{N}_2 \in Pat_A(\Psi)$: 

$\mathcal{N}_1 \simeq \mathcal{N}_2$ iff $\|\mathcal{N}_1\| = \|\mathcal{N}_2\|$ 

Under this interpretation, the $0$ element is the empty set and the $1$ element the 
singleton set containing the $\eta$-expansion of a generalized existential variable of the 
appropriate type that may depend on all variables in the context $\Psi$: 

$0 = \emptyset$ 

$1 = \{\lambda x_1^1{:}A_1 \ldots \lambda x_n^1{:}A_n.\ E\,x_1^u \ldots x_n^u\}$ 
where $A = A_1 \to^1 \cdots \to^1 A_n \to^1 a$. 
Theorem 8.5. Consider the algebra $(Pat_A(\Psi), \cup, \cap, Not, 1, 0)$. Then the follow- 
ing holds: 

(1) $\mathcal{M} \cap \mathcal{M} \simeq \mathcal{M}$. 

(2) $\mathcal{M} \cap \mathcal{N} \simeq \mathcal{N} \cap \mathcal{M}$. 

(3) $\mathcal{M} \cap (\mathcal{N} \cup \mathcal{P}) \simeq (\mathcal{M} \cap \mathcal{N}) \cup (\mathcal{M} \cap \mathcal{P})$. 

(4) $\mathcal{M} \cap (\mathcal{N} \cap \mathcal{P}) \simeq (\mathcal{M} \cap \mathcal{N}) \cap \mathcal{P}$. 

(5) $Not(Not(\mathcal{M})) \simeq \mathcal{M}$. 

(6) $Not(1) \simeq 0$. 

(7) $Not(0) \simeq 1$. 

Proof. From Corollaries 8.2 and 8.3 and the fact that $\cup$ is set-theoretic. □ 

Corollary 8.6. The algebra of finite sets of simple linear patterns is boolean. 

It is notable that the $\cup$ operator must be set-theoretic union rather than anti- 
unification or generalization, as is traditional in lattice-theoretic investigations of the 
algebra of terms [Lassez et al. 1988]. The problem is the intrinsically classical nature 
of complementation, which is not compatible with the very irregular structure of the 
lattice of terms where the least upper bound is interpreted as anti-unification. 

We end this section by showing how pattern complement can be used as a building 
block of our main application, that is, a clause complement algorithm [Barbuti 
et al. 1990]. In (higher-order) logic programming, in fact, pattern complement 
is a necessary component in any algorithm to synthesize the negation of a given 
program. This synthesis includes two basic operations: negation to compute the 
complements of heads of clauses in the definition of a predicate, and intersection to 
combine results of negating individual clause heads. In this paper we have provided 
algorithms to compute both. A full development for the higher-order case can be 
found in [Momigliano 2000a]. 

Example 8.7. We can combine Examples 2.1 and 2.2 and consider the following 
trivial program, which encodes when an object-level lambda term is a $\beta\eta$-redex: 

$betardx : isredx\,(app\,(lam\,(\lambda x^1{:}exp.\ E\,x^u))\,F).$ 
$etardx : isredx\,(lam\,(\lambda x^1{:}exp.\ app\,(E\,x^0)\,x)).$ 

We can compute the complement of both heads, as follows: 

$Not\{app\,(lam\,(\lambda x^1{:}exp.\ E\,x^u))\,F,\ lam\,(\lambda x^1{:}exp.\ app\,(E\,x^0)\,x)\}$ 
$= Not(app\,(lam\,(\lambda x^1{:}exp.\ E\,x^u))\,F) \cap Not(lam\,(\lambda x^1{:}exp.\ app\,(E\,x^0)\,x))$ 
$= \{lam\,(\lambda x^1{:}exp.\ H\,x^u),\ app\,(app\,H\,H')\,H''\}$ 
$\cap\ \{lam\,(\lambda x^1{:}exp.\ app\,(H\,x^1)\,(H'\,x^u)),$ 
$\quad lam\,(\lambda x^1{:}exp.\ app\,(H\,x^u)\,(app\,(H'\,x^u)\,(H''\,x^u))),$ 
$\quad lam\,(\lambda x^1{:}exp.\ app\,(H\,x^u)\,(lam\,(\lambda y^1{:}exp.\ H'\,x^u\,y^u))),$ 
$\quad lam\,(\lambda x^1{:}exp.\ lam\,(\lambda y^1{:}exp.\ H\,x^u\,y^u)),$ 
$\quad lam\,(\lambda x^1{:}exp.\ x),$ 
$\quad app\,H\,H'\}$ 
$= \{lam\,(\lambda x^1{:}exp.\ app\,(H\,x^1)\,(H'\,x^u)),$ 
$\quad lam\,(\lambda x^1{:}exp.\ app\,(H\,x^u)\,(app\,(H'\,x^u)\,(H''\,x^u))),$ 
$\quad lam\,(\lambda x^1{:}exp.\ app\,(H\,x^u)\,(lam\,(\lambda y^1{:}exp.\ H'\,x^u\,y^u))),$ 
$\quad lam\,(\lambda x^1{:}exp.\ lam\,(\lambda y^1{:}exp.\ H\,x^u\,y^u)),$ 
$\quad lam\,(\lambda x^1{:}exp.\ x),$ 
$\quad app\,(app\,H\,H')\,H''\}$ 

This yields the negation of that program, that is, the complementary clauses: 

$nb_1 : non\_isredx\,(lam\,(\lambda x^1{:}exp.\ app\,(H\,x^1)\,(H'\,x^u))).$ 

$nb_2 : non\_isredx\,(lam\,(\lambda x^1{:}exp.\ app\,(H\,x^u)\,(app\,(H'\,x^u)\,(H''\,x^u)))).$ 

$nb_3 : non\_isredx\,(lam\,(\lambda x^1{:}exp.\ app\,(H\,x^u)\,(lam\,(\lambda y^1{:}exp.\ H'\,x^u\,y^u)))).$ 

$nb_4 : non\_isredx\,(lam\,(\lambda x^1{:}exp.\ lam\,(\lambda y^1{:}exp.\ H\,x^u\,y^u))).$ 

$nb_5 : non\_isredx\,(lam\,(\lambda x^1{:}exp.\ x)).$ 

$nb_6 : non\_isredx\,(app\,(app\,H\,H')\,H'').$ 



9. CONCLUSIONS 

In this paper we have been concerned with the relative complement problem for 
higher-order patterns. As we have seen, the complement operation does not gener- 
alize easily from the first-order case. Indeed, the complement of a partially applied 
higher-order pattern cannot be described by a pattern, or even by a finite set of 
patterns. The formulation of the problem suggests that we should consider a $\lambda$- 
calculus with an internal notion of strictness so that we can directly express that a 
term must depend on a given variable. We have developed such a calculus and we 
have shown that, via a suitable embedding in our calculus, the complement of a linear 
pattern is a finite set of linear patterns and unification of two patterns is decidable 
and leads to a finite set of most general unifiers. Moreover, they form a boolean 
algebra under set-theoretic union, intersection (implemented via unification) and 
the complement operation. 

The latter item brings up the question whether we can actually decide extensional equal- 
ity between, and membership of terms in, finite sets of simple terms. For mem- 
bership, one can see that $\Psi \vdash M \in \|N_1, \ldots, N_n\|$ iff $M$ unifies with some $N_i$. As 
far as equality is concerned, between say $\|M_1, \ldots, M_m\|$ and $\|N_1, \ldots, N_n\|$, calculate 
the two relative complements $\{M_1, \ldots, M_m\} - \{N_1, \ldots, N_n\}$ and $\{N_1, \ldots, N_n\} - \{M_1, \ldots, M_m\}$ 
and then check if they are both empty. An emptiness check would 
rely on the decidability of inhabitation in the underlying calculus. We conjecture 
this question to be decidable for the strict $\lambda$-calculus and we plan to address this 
question in future work. 

Our main application is the transformational approach to negation in higher- 
order logic programming [Barbuti et al. 1990], where pattern complement and uni- 
fication are necessary components. We plan to extend the results to dependent types 
to endow intentionally weak frameworks such as Twelf [Schürmann and Pfenning 
1998] with a logically meaningful notion of negation along these lines. 

It may be argued that the restriction to simple terms is somewhat ad hoc. Ide- 
ally, one would have a complement algorithm for the full strict lambda-calculus 
(including vacuous types). Yet, this seems to be ill-defined, because "occurrence" 
no longer has the desired meaning once we lift the principle that constructors should 
be strict in their arguments. As we have remarked earlier, it is possible to describe 
complement and unification algorithms for a larger fragment than treated here by 
allowing arbitrary abstractions, if we adhere to the above strictness assumption for 
constructors. The technical development is not difficult but entails a proliferation 
of rules to cover the new abstraction cases, as well as the duplication of all rules 
concerning strict application in versions similar to the $\to$E$^u$ and $\to$E$^1$ typing rules. 

Finally, it is our contention that the strict $\lambda$-calculus that we have introduced 
has independent interest in the investigation of sub-structural logics. Our type 
system is simple and uniform and arguably more elegant than those presented 
in the literature (see the earlier discussion of related work at the end of Section 4). 
Moreover, the explicit introduction of the notion of vacuous or irrelevant variables 
can be useful in a variety of contexts. In fact, the second author has suggested some 
unexpected usages of those variables in type theory, for reasoning about staged 
computation [Pfenning 2000] and proof compression in logical frameworks [Pfenning 
2001b]. Furthermore, extending a linear $\lambda$-calculus with vacuous variables permits 
more programs under type assignment; for example, a term such as $\lambda x.\ \lambda y.\ x \otimes ((\lambda w.\ y)\ x)$, 
which is traditionally considered not linear, can be given the linear 
type $A \multimap B \multimap (A \otimes B)$. This carries over to the study of explicit substitutions in 
resource-conscious $\lambda$-calculi [Ghani et al. 1998], where it might clarify the logical 
status of the extension operator. 